QwikSec

Security Database

CVE

CWE

Training

CVE-2023-40889

Published: Aug 29, 2023

Modified: Nov 4, 2025

PUBLISHED

Description

A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://hackmd.io/%40cspl/B1ZkFZv23

[debian-lts-announce] 20231201 [SECURITY] [DLA 3675-1] zbar security update

mailing-list

FEDORA-2024-583e4098b9

vendor-advisory

FEDORA-2024-73d5220ed3

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.