Changelog
zbar (0.23.92-9) unstable; urgency=high
  * Non-maintainer upload.
  * Fix two security bugs (Closes: #1051724):
    - Fix CVE-2023-40889: A heap-based buffer overflow existed
      in the qr_reader_match_centers function.
      Specially crafted QR codes may lead to information disclosure
      and/or arbitrary code execution. To trigger this
      vulnerability, an attacker can digitally input the
      malicious QR code, or prepare it to be physically scanned
      by the vulnerable scanner.
    - Fix CVE-2023-40890: A stack overflow was present in the
      lookup_sequence function of ZBar 0.23.90. Specially crafted
      QR codes may lead to information disclosure and/or arbitrary
      code execution.
      To trigger this vulnerability, an attacker can digitally input
      the malicious QR code, or prepare it to be physically scanned
      by the vulnerable scanner.
-- Bastien Roucariès <email address hidden> Thu, 30 Nov 2023 11:19:08 +0000