High severity7.5NVD Advisory· Published Feb 23, 2017· Updated May 13, 2026

CVE-2016-10109

Description

Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2017/01/03/3nvdMailing ListThird Party Advisory
www.ubuntu.com/usn/USN-3176-1nvdThird Party Advisory
lists.alioth.debian.org/pipermail/pcsclite-muscle/Week-of-Mon-20161226/000779.htmlnvdVendor Advisory
www.debian.org/security/2017/dsa-3752nvd
www.securityfocus.com/bid/95263nvd
lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Envd
lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Envd
salsa.debian.org/rousseau/PCSC/-/commit/697fe05967af7ea215bcd5d5774be587780c9e22nvd
security.gentoo.org/glsa/201702-01nvd

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000