{"id":"USN-7118-1","summary":"zbar vulnerabilities","details":"It was discovered that ZBar did not properly handle certain QR codes. If a\nuser or automated system using ZBar were tricked into opening a specially\ncrafted file, an attacker could possibly use this to obtain sensitive\ninformation.  (CVE-2023-40889)\n\nIt was discovered that ZBar did not properly handle certain QR codes. If a\nuser or automated system using ZBar were tricked into opening a specially\ncrafted file, an attacker could possibly use this to obtain sensitive\ninformation. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04\nLTS. (CVE-2023-40890)\n","modified":"2026-04-27T17:10:12.166692Z","published":"2024-11-21T12:23:06Z","related":["UBUNTU-CVE-2023-40889","UBUNTU-CVE-2023-40890"],"upstream":["CVE-2023-40889","CVE-2023-40890","UBUNTU-CVE-2023-40889","UBUNTU-CVE-2023-40890"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7118-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-40889"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-40890"}],"affected":[{"package":{"name":"zbar","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/zbar@0.10+doc-10ubuntu1+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10+doc-10ubuntu1+esm1"}]}],"versions":["0.10+doc-10build1","0.10+doc-10build2","0.10+doc-10ubuntu1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libbarcode-zbar-perl","binary_version":"0.10+doc-10ubuntu1+esm1"},{"binary_name":"libzbar0","binary_version":"0.10+doc-10ubuntu1+esm1"},{"binary_name":"libzbargtk0","binary_version":"0.10+doc-10ubuntu1+esm1"},{"binary_name":"libzbarqt0","binary_version":"0.10+doc-10ubuntu1+esm1"},{"binary_name":"python-zbar","binary_version":"0.10+doc-10ubuntu1+esm1"},{"binary_name":"python-zbarpygtk","binary_version":"0.10+doc-10ubuntu1+esm1"},{"binary_name":"zbar-tools","binary_version":"0.10+doc-10ubuntu1+esm1"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2023-40889","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7118-1.json"}},{"package":{"name":"zbar","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/zbar@0.10+doc-10.1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.10+doc-10.1ubuntu0.1~esm1"}]}],"versions":["0.10+doc-10.1build2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libbarcode-zbar-perl","binary_version":"0.10+doc-10.1ubuntu0.1~esm1"},{"binary_name":"libzbar0","binary_version":"0.10+doc-10.1ubuntu0.1~esm1"},{"binary_name":"libzbargtk0","binary_version":"0.10+doc-10.1ubuntu0.1~esm1"},{"binary_name":"libzbarqt0","binary_version":"0.10+doc-10.1ubuntu0.1~esm1"},{"binary_name":"python-zbar","binary_version":"0.10+doc-10.1ubuntu0.1~esm1"},{"binary_name":"python-zbarpygtk","binary_version":"0.10+doc-10.1ubuntu0.1~esm1"},{"binary_name":"zbar-tools","binary_version":"0.10+doc-10.1ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2023-40889","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7118-1.json"}},{"package":{"name":"zbar","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/zbar@0.23-1.3ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.23-1.3ubuntu0.1~esm1"}]}],"versions":["0.23-1.1","0.23-1.2","0.23-1.3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libbarcode-zbar-perl","binary_version":"0.23-1.3ubuntu0.1~esm1"},{"binary_name":"libzbar0","binary_version":"0.23-1.3ubuntu0.1~esm1"},{"binary_name":"libzbargtk0","binary_version":"0.23-1.3ubuntu0.1~esm1"},{"binary_name":"libzbarqt0","binary_version":"0.23-1.3ubuntu0.1~esm1"},{"binary_name":"python3-zbar","binary_version":"0.23-1.3ubuntu0.1~esm1"},{"binary_name":"zbar-tools","binary_version":"0.23-1.3ubuntu0.1~esm1"},{"binary_name":"zbarcam-gtk","binary_version":"0.23-1.3ubuntu0.1~esm1"},{"binary_name":"zbarcam-qt","binary_version":"0.23-1.3ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2023-40889","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-40890","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7118-1.json"}},{"package":{"name":"zbar","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/zbar@0.23.92-4ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.23.92-4ubuntu0.1~esm1"}]}],"versions":["0.23.90-1","0.23.92-4","0.23.92-4build2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_name":"libbarcode-zbar-perl","binary_version":"0.23.92-4ubuntu0.1~esm1"},{"binary_name":"libzbar0","binary_version":"0.23.92-4ubuntu0.1~esm1"},{"binary_name":"libzbargtk0","binary_version":"0.23.92-4ubuntu0.1~esm1"},{"binary_name":"libzbarqt0","binary_version":"0.23.92-4ubuntu0.1~esm1"},{"binary_name":"python3-zbar","binary_version":"0.23.92-4ubuntu0.1~esm1"},{"binary_name":"zbar-tools","binary_version":"0.23.92-4ubuntu0.1~esm1"},{"binary_name":"zbarcam-gtk","binary_version":"0.23.92-4ubuntu0.1~esm1"},{"binary_name":"zbarcam-qt","binary_version":"0.23.92-4ubuntu0.1~esm1"}]},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2023-40889","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2023-40890","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7118-1.json"}}],"schema_version":"1.7.5"}