Libzint · Zint · CVE-2020-9385
**Name of the Vulnerable Software and Affected Versions**
Zint version 2.7.1
**Description**
A NULL pointer dereference exists in libzint because multiple `+` characters are mishandled in the `add_on` function in upcean.c, when called from `eanx` in upcean.c during EAN barcode generation.
**Recommendations**
For Zint version 2.7.1, consider disabling the `add_on` function in upcean.c as a temporary workaround until a patch is available. Restrict access to the `eanx` function in upcean.c to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
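One way to restrict what reaches `eanx` is to validate EAN/UPC data in the calling application before it is handed to libzint. The C pre-filter below is an added example, not code from Zint; the function name `ean_input_is_acceptable`, the 13-digit main-symbol limit and the 2- or 5-digit add-on policy are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define EAN_MAX_MAIN 13 /* assumption: longest main symbol is EAN-13 */

/* Hypothetical pre-filter (not part of libzint). Returns 1 when `data` is
 * digits with at most one '+' add-on separator, 0 otherwise. */
int ean_input_is_acceptable(const char *data)
{
    size_t main_len = 0, addon_len = 0;
    int plus_seen = 0;

    if (data == NULL)
        return 0;

    for (const char *p = data; *p != '\0'; p++) {
        if (*p == '+') {
            if (plus_seen)
                return 0; /* second '+': the input class named in the CVE */
            plus_seen = 1;
        } else if (*p >= '0' && *p <= '9') {
            if (plus_seen)
                addon_len++;
            else
                main_len++;
            if (main_len > EAN_MAX_MAIN || addon_len > 5)
                return 0; /* longer than any EAN main symbol or add-on */
        } else {
            return 0; /* EAN/UPC data is numeric only */
        }
    }
    if (main_len == 0)
        return 0; /* add-on without a main symbol, or empty input */
    if (plus_seen && addon_len != 2 && addon_len != 5)
        return 0; /* policy assumption: only EAN-2 / EAN-5 add-ons */
    return 1;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "9780201379624+51995", "123++12", "123+1+2", "123+" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %s\n", samples[i],
               ean_input_is_acceptable(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Call the check on untrusted barcode data and skip encoding when it returns 0, so rejected input never reaches the affected code path.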