VYPR

openscad

by Openscad

Source repositories

CVEs (52)

  • CVE-2023-4535MedNov 6, 2023
    risk 0.00cvss 4.5epss 0.00

    An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows…

  • CVE-2023-2977HigJun 1, 2023
    risk 0.00cvss 7.1epss 0.00

    A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2…

  • CVE-2022-0497HigAug 29, 2022
    risk 0.00cvss 7.1epss 0.00

    A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.

  • CVE-2022-0496MedAug 29, 2022
    risk 0.00cvss 5.5epss 0.00

    A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().

  • CVE-2021-42782MedApr 18, 2022
    risk 0.00cvss 5.3epss 0.03

    Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.

  • CVE-2021-42781MedApr 18, 2022
    risk 0.00cvss 5.3epss 0.03

    Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.

  • CVE-2021-42780MedApr 18, 2022
    risk 0.00cvss 5.3epss 0.02

    A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

  • CVE-2021-42779MedApr 18, 2022
    risk 0.00cvss 5.3epss 0.02

    A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.

  • CVE-2021-42778MedApr 18, 2022
    risk 0.00cvss 5.3epss 0.02

    A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.

  • CVE-2020-26572MedOct 6, 2020
    risk 0.00cvss 5.5epss 0.00

    The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

  • CVE-2020-26570MedOct 6, 2020
    risk 0.00cvss 5.5epss 0.00

    The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.

  • CVE-2019-19481MedDec 1, 2019
    risk 0.00cvss 4.6epss 0.00

    An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.

  • CVE-2019-19480MedDec 1, 2019
    risk 0.00cvss 4.6epss 0.01

    An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/pkcs15-prkey.c has an incorrect free operation in sc_pkcs15_decode_prkdf_entry.

  • CVE-2019-19479MedDec 1, 2019
    risk 0.00cvss 5.5epss 0.00

    An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.

  • CVE-2019-15946MedSep 5, 2019
    risk 0.00cvss 6.4epss 0.00

    OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.

  • CVE-2019-15945MedSep 5, 2019
    risk 0.00cvss 6.4epss 0.00

    OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.

  • CVE-2018-16427MedSep 4, 2018
    risk 0.00cvss 4.3epss 0.00

    Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.

  • CVE-2018-16426MedSep 4, 2018
    risk 0.00cvss 4.3epss 0.01

    Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.

  • CVE-2018-16425MedSep 4, 2018
    risk 0.00cvss 6.6epss 0.01

    A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified…

  • CVE-2018-16424MedSep 4, 2018
    risk 0.00cvss 6.6epss 0.01

    A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.