CVE-2021-27799 - ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer over

CVE-2021-27799

Summary

ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.

References

http://zint.org.uk/Manual.aspx?type=p&page=3
http://zint.org.uk/Manual.aspx?type=p&page=4
http://zint.org.uk/Manual.aspx?type=p&page=5
https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
https://sourceforge.net/p/zint/tickets/218/

Vulnerable Configurations

cpe:2.3:a:zint:barcode_generator:2.9.1:*:*:*:*:*:*:*
cpe:2.3:a:zint:barcode_generator:2.9.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 10-03-2021 - 16:59)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

Last major update

10-03-2021 - 16:59

Published

26-02-2021 - 22:15

Last modified

10-03-2021 - 16:59