ZBar · CVE-2023-40890
**Name of the Vulnerable Software and Affected Versions**
ZBar version 0.23.90
**Description**
A stack-based buffer overflow vulnerability exists in the `lookup_sequence` function of ZBar 0.23.90. A specially crafted QR code can lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can supply the malicious QR code as a digital input (for example an image file), or prepare it to be physically scanned by the vulnerable scanner.
**Recommendations**
For ZBar version 0.23.90, consider disabling the `lookup_sequence` function until a patch is available, to prevent potential exploitation. Restrict access to the vulnerable function to minimize the risk of information disclosure and/or arbitrary code execution. Avoid using the vulnerable scanner to scan untrusted QR codes until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.