Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2024-0374)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2024.0374

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2024-0374)

Zusammenfassung: The remote host is missing an update for the 'zbar' package(s) announced via the MGASA-2024-0374 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'zbar' package(s) announced via the MGASA-2024-0374 advisory.

Vulnerability Insight:
A heap-based buffer overflow exists in the qr_reader_match_centers
function of ZBar 0.23.90. Specially crafted QR codes may lead to
information disclosure and/or arbitrary code execution. To trigger this
vulnerability, an attacker can digitally input the malicious QR code, or
prepare it to be physically scanned by the vulnerable scanner.
CVE-2023-40889
A stack-based buffer overflow vulnerability exists in the
lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may
lead to information disclosure and/or arbitrary code execution. To
trigger this vulnerability, an attacker can digitally input the
malicious QR code, or prepare it to be physically scanned by the
vulnerable scanner. CVE-2023-40890

Affected Software/OS:
'zbar' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-40889
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665/
https://hackmd.io/@cspl/B1ZkFZv23
https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html
Common Vulnerability Exposure (CVE) ID: CVE-2023-40890
https://hackmd.io/@cspl/H1PxPAUnn

Copyright Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2024.0374
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2024-0374)
Zusammenfassung:	The remote host is missing an update for the 'zbar' package(s) announced via the MGASA-2024-0374 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'zbar' package(s) announced via the MGASA-2024-0374 advisory. Vulnerability Insight: A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner. CVE-2023-40889 A stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be physically scanned by the vulnerable scanner. CVE-2023-40890 Affected Software/OS: 'zbar' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-40889 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25LZZQJGGZRPLKTRNRNOTAFQJIPS7WRP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DC7V5YCLCPB36J2KY6WLZCABFLBRB665/ https://hackmd.io/@cspl/B1ZkFZv23 https://lists.debian.org/debian-lts-announce/2023/12/msg00001.html Common Vulnerability Exposure (CVE) ID: CVE-2023-40890 https://hackmd.io/@cspl/H1PxPAUnn
Copyright	Copyright (C) 2024 Greenbone AG