Amazon Linux 1 Security Advisory: ALAS-2023-1887
Advisory Release Date: 2023-11-10 17:32 Pacific
Advisory Updated Date: 2023-11-15 23:27 Pacific
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner. (CVE-2023-40889)
A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner. (CVE-2023-40890)
Affected Packages:
zbar
Issue Correction:
Run yum update zbar to update your system.
i686:
zbar-devel-0.10-19.3.amzn1.i686
zbar-debuginfo-0.10-19.3.amzn1.i686
zbar-0.10-19.3.amzn1.i686
src:
zbar-0.10-19.3.amzn1.src
x86_64:
zbar-0.10-19.3.amzn1.x86_64
zbar-debuginfo-0.10-19.3.amzn1.x86_64
zbar-devel-0.10-19.3.amzn1.x86_64