24 matches found
CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...
CLSA-2025-1765902200 opensc: Fix of CVE-2024-45619
CVE-2024-45619: fix insufficient certificate and key length validation...
CLSA-2025-1760022476 opensc: Fix of CVE-2023-2977
CVE-2023-2977: correct left length calculation to fix buffer overrun bug...
Advisory ROSA-SA-2025-3013
software: openscap 1.4.2 OS: ROSA-CHROME unaffected versions = openscap-1.4.2-2 affected versions openscap-1.4.2-2 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc library of the OpenSC smart...
Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc
...
Linux Distros Unpatched Vulnerability : CVE-2018-16425
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by...
Linux Distros Unpatched Vulnerability : CVE-2018-16426
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by...
ROS-20250717-03
A vulnerability in the OpenSC smart card handling library is related to information disclosure via an inconsistency. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2021-42782
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. CVE-2021-4278...
Linux Distros Unpatched Vulnerability : CVE-2021-42781
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...
A vulnerability in the pkcs15-init personalization utility and the libopensc library, which are part of the OpenSC software tools and libraries for working with smart cards, allows an attacker to gain unauthorized access to protected information.
The vulnerability of the pkcs15-init personalization utility and the libopensc library related to the OpenSC software suite involves an operation that occurs outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
UBUNTU-CVE-2024-45620
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...
AZL-9483 CVE-2021-42780 affecting package opensc for versions less than 0.22.0-1
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library...
AZL-9485 CVE-2021-42782 affecting package opensc for versions less than 0.22.0-1
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library...
AZL-9481 CVE-2021-42778 affecting package opensc for versions less than 0.22.0-1
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo...
CVE-2021-42781
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...
UBUNTU-CVE-2021-42780
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library...
AZL-6773 CVE-2020-26571 affecting package opensc for versions less than 0.22.0-1
The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init...
opensc: Infinite recursion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file()
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs...
CVE-2018-16426
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs...