CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable

Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...

CLSA-2025-1765902200 opensc: Fix of CVE-2024-45619

CVE-2024-45619: fix insufficient certificate and key length validation...

CLSA-2025-1760022476 opensc: Fix of CVE-2023-2977

CVE-2023-2977: correct left length calculation to fix buffer overrun bug...

Advisory ROSA-SA-2025-3013

software: openscap 1.4.2 OS: ROSA-CHROME unaffected versions = openscap-1.4.2-2 affected versions openscap-1.4.2-2 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc library of the OpenSC smart...

Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc

...

Linux Distros Unpatched Vulnerability : CVE-2018-16425

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A double free when handling responses from an HSM Card in scpkcs15emuschsminit in libopensc/pkcs15-sc- hsm.c in OpenSC before 0.19.0-rc1 could be used by...

Linux Distros Unpatched Vulnerability : CVE-2018-16426

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Endless recursion when handling responses from an IAS-ECC card in iaseccselectfile in libopensc/card- iasecc.c in OpenSC before 0.19.0-rc1 could be used by...

ROS-20250717-03

A vulnerability in the OpenSC smart card handling library is related to information disclosure via a inconsistency. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

Linux Distros Unpatched Vulnerability : CVE-2021-42781

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

Linux Distros Unpatched Vulnerability : CVE-2021-42782

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. CVE-2021-4278...

UBUNTU-CVE-2024-45620

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...

AZL-9481 CVE-2021-42778 affecting package opensc for versions less than 0.22.0-1

A heap double free issue was found in Opensc before version 0.22.0 in scpkcs15freetokeninfo...

AZL-9485 CVE-2021-42782 affecting package opensc for versions less than 0.22.0-1

Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library...

AZL-9483 CVE-2021-42780 affecting package opensc for versions less than 0.22.0-1

A use after return issue was found in Opensc before version 0.22.0 in insertpin function that could potentially crash programs using the library...

CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library...

UBUNTU-CVE-2021-42780

A use after return issue was found in Opensc before version 0.22.0 in insertpin function that could potentially crash programs using the library...

AZL-6773 CVE-2020-26571 affecting package opensc for versions less than 0.22.0-1

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in scpkcs15emugemsafeGPKinit...

opensc: Infinite recusrion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file()

Endless recursion when handling responses from an IAS-ECC card in iaseccselectfile in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs...

CVE-2018-16426

Endless recursion when handling responses from an IAS-ECC card in iaseccselectfile in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs...

CVE-2018-16426

Endless recursion when handling responses from an IAS-ECC card in iaseccselectfile in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs...