ELA-1013-1 zbar security update
Package : zbar
Version : 0.10+doc-10.1+deb9u1 (stretch)
Related CVEs :
CVE-2023-40889
Zbar, a barcode scanner application, was vulnerable to a heap-based buffer overflow
in the qr_reader_match_centers function.
Specially crafted QR codes may lead to information disclosure
and/or arbitrary code execution. To trigger this
vulnerability, an attacker can digitally input the
malicious QR code, or prepare it to be physically scanned
by the vulnerable scanner.
A zbar security update has been released for Debian GNU/Linux 9 Extended LTS to address a heap-based buffer overflow in the qr_reader_match_centers function.