Every CVE whose affected-product data names Opensc Project Opensc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2019-6502 — CVSS 7.5 (high): sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
CVE-2021-34193 — CVSS 7.5 (high): Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.
CVE-2019-16058 — CVSS 7.5 (high): An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than…
CVE-2023-2977 — CVSS 7.1 (high): A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The…
CVE-2019-20792 — CVSS 6.8 (medium): OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a…
CVE-2018-16391 — CVSS 6.8 (medium): Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before…
CVE-2018-16392 — CVSS 6.8 (medium): Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1…
CVE-2018-16393 — CVSS 6.8 (medium): Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in…
CVE-2018-16418 — CVSS 6.6 (medium): A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by…
CVE-2018-16423 — CVSS 6.6 (medium): A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used…
CVE-2018-16424 — CVSS 6.6 (medium): A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by…
CVE-2018-16425 — CVSS 6.6 (medium): A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1…
CVE-2023-40660 — CVSS 6.6 (medium): A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform…
CVE-2018-16421 — CVSS 6.6 (medium): Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before…
CVE-2018-16419 — CVSS 6.6 (medium): Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before…
CVE-2018-16422 — CVSS 6.6 (medium): A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in…
CVE-2018-16420 — CVSS 6.6 (medium): Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before…
CVE-2019-15945 — CVSS 6.4 (medium): OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
CVE-2019-15946 — CVSS 6.4 (medium): OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.
CVE-2023-5992 — CVSS 5.6 (medium): A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may…
CVE-2020-26570 — CVSS 5.5 (medium): The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.
CVE-2020-26571 — CVSS 5.5 (medium): The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.
CVE-2020-26572 — CVSS 5.5 (medium): The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
CVE-2019-19479 — CVSS 5.5 (medium): An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation…
CVE-2023-40661 — CVSS 5.4 (medium): Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init…
CVE-2021-42780 — CVSS 5.3 (medium): A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the…
CVE-2021-42781 — CVSS 5.3 (medium): Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the…
CVE-2021-42782 — CVSS 5.3 (medium): Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the…
CVE-2019-19481 — CVSS 4.6 (medium): An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC…
CVE-2019-19480 — CVSS 4.6 (medium): An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in…
CVE-2023-4535 — CVSS 4.5 (medium): An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting…
CVE-2018-16427 — CVSS 4.3 (medium): Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted…
CVE-2018-16426 — CVSS 4.3 (medium): Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1…
CVE-2024-45619 — CVSS 4.3 (medium): A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart…
CVE-2024-45617 — CVSS 3.9 (low): A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart…
CVE-2025-66037 — CVSS 3.9 (low): OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader…
CVE-2025-66038 — CVSS 3.9 (low): OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for…
CVE-2024-45618 — CVSS 3.9 (low): A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the…
CVE-2024-45616 — CVSS 3.9 (low): A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart…
CVE-2024-45620 — CVSS 3.9 (low): A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present…
CVE-2024-45615 — CVSS 3.9 (low): A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables…
CVE-2025-66215 — CVSS 3.8 (low): OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the…
CVE-2026-40528 — CVSS 3.8 (low): OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in…
CVE-2025-49010 — CVSS 3.8 (low): OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the…
CVE-2026-40510 — CVSS 3.8 (low): OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in…
CVE-2024-1454 — CVSS 3.4 (low): The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using…
CVE-2024-8443 — CVSS 2.9 (low): A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious…