Vulnerabilities > CVE-2020-9385 - NULL Pointer Dereference vulnerability in Zint 2.7.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

zint

CWE-476

NVD

Published: 2020-02-25

Updated: 2020-02-26

Summary

A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.

Vulnerable Configurations

Part	Description	Count
Application	Zint Zint Zint 2.7.1	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://sourceforge.net/p/zint/tickets/181/