By vendor

Opensc_project vulnerabilities

Known CVEs affecting Opensc_project products, prioritized by severity, with SEC.co remediation and detection guidance.

2 published vulnerabilities

  • CVE-2026-40510LOW 3.8

    OpenSC, a widely-used open-source smart card library, contains a stack buffer overflow flaw in how it processes the Key History Object from PIV (Personal Identity Verification) cards. An attacker with physical access to a system could craft a malicious smart card or USB device that returns an oversized URL field—exceeding 118 bytes—triggering memory corruption. This vulnerability requires the attacker to be physically present at the machine and involves user interaction, limiting its reach but posing a real concern in environments where untrusted hardware may be connected.

  • CVE-2026-40528LOW 3.8

    OpenSC, a widely-used open-source library for working with smart cards and cryptographic tokens, contains a buffer overflow vulnerability in its profile configuration parser. When OpenSC's pkcs15-init tool processes a maliciously crafted configuration file, it can be tricked into copying more data than a buffer can hold, corrupting memory. An attacker would need local access to supply the malicious file and convince a user to run the initialization tool, but successful exploitation could allow memory corruption and potential code execution.