8 matches found
CVE-2026-27015
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a missing bounds check in smartcardunpackreadsizealign libfreerdp/utils/smartcardpack.c:1703 allows a malicious RDP server to crash the FreeRDP client via a reachable WINPRASSERT → abort. The crash occurs in...
SUSE CVE-2018-16425
A double free when handling responses from an HSM Card in scpkcs15emuschsminit in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...
CVE-2018-4179
In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic...
MGASA-2019-0019 Updated opensc packages fix security vulnerabilities
Several buffer overflows when handling responses from a Muscle Card in musclelistfiles in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...
CVE-2018-16393
Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafegetcertlen in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified...
spice: heap-based memory corruption within smartcard handling
A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code wit...
spice-server security update
0.12.4-13.1 - Fix heap-based memory corruption within smartcard handling Resolves: CVE-2016-0749 - Fix host memory access from guest with invalid primary surface parameters Resolves: CVE-2016-2150...
spice security update
0.12.4-15.1 - Fix heap-based memory corruption within smartcard handling Resolves: CVE-2016-0749 - Fix host memory access from guest with invalid primary surface parameters Resolves: CVE-2016-2150...