Vulnerabilities > CVE-2021-27799 - Out-of-bounds Write vulnerability in Zint Barcode Generator 2.9.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

zint

CWE-787

NVD

Published: 2021-02-26

Updated: 2021-03-10

Summary

ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.

Vulnerable Configurations

Part	Description	Count
Application	Zint Zint Barcode Generator 2.9.1	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

http://zint.org.uk/Manual.aspx?type=p&page=3
http://zint.org.uk/Manual.aspx?type=p&page=4
http://zint.org.uk/Manual.aspx?type=p&page=5
https://sourceforge.net/p/zint/code/ci/7f8c8114f31c09a986597e0ba63a49f96150368a/
https://sourceforge.net/p/zint/tickets/218/