Jan Schrewe

**Name of the Vulnerable Software and Affected Versions** Zint Barcode Generator versions prior to 2.10.0 **Description** The issue is related to a one-byte buffer over-read in the Zint Barcode Generator. This is connected to the `is last single ascii` function in code1.c and the `rs encode uint` function in reedsol.c. **Recommendations** For versions prior to 2.10.0, update to version 2.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the functions `is last single ascii` and `rs encode uint` until a patch is available.

Name of the Vulnerable Software and Affected Versions: Zint Barcode Generator version 2.9.1 Zint Barcode Generator version 2.19.1 Description: The issue is related to a stack-based buffer overflow in the `ean leading zeroes` function in `backend/upcean.c` of the Zint Barcode Generator. This overflow is reachable from the C API through an application that includes the Zint Barcode Generator library code. Recommendations: For Zint Barcode Generator version 2.9.1, consider disabling the `ean leading zeroes` function in `backend/upcean.c` to prevent exploitation until a patch is available. For Zint Barcode Generator version 2.19.1, consider disabling the `ean leading zeroes` function in `backend/upcean.c` to prevent exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.