{"id":"CVE-2019-15946","details":"OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.","modified":"2026-04-16T04:39:29.140520269Z","published":"2019-09-05T17:15:12.047Z","related":["SUSE-SU-2021:0998-1","SUSE-SU-2021:1168-1","SUSE-SU-2022:1041-1","openSUSE-SU-2021:0565-1","openSUSE-SU-2024:11123-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00027.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/12/29/1"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00009.html"},{"type":"FIX","url":"https://github.com/OpenSC/OpenSC/commit/a3fc7693f3a035a8a7921cffb98432944bb42740"},{"type":"FIX","url":"https://github.com/OpenSC/OpenSC/compare/f1691fc...12218d4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensc/opensc","events":[{"introduced":"0"},{"last_affected":"f1691fc91fc113191c3a8aaf5facd6983334ec47"},{"fixed":"a3fc7693f3a035a8a7921cffb98432944bb42740"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.19.0"}]}}],"versions":["0.12.2","0.12.2-rc1","0.13.0","0.13.0pre1","0.13.0rc1","0.14.0","0.14.0rc2","0.14.0rtm","0.15.0","0.16.0","0.17.0","0.17.0-rc1","0.17.0-rc2","0.18.0","0.18.0-rc1","0.18.0-rc2","0.19.0","0.19.0-rc1","v0.12.2","v0.16.0-pre1"],"database_specific":{"vanir_signatures":[{"id":"CVE-2019-15946-474477e2","deprecated":false,"digest":{"line_hashes":["144373587500690818507003904206410356003","148102426093319846627226247161866438541","152613503459311009974684643923559563409","189033476452025105233726194714004011925"],"threshold":0.9},"source":"https://github.com/opensc/opensc/commit/a3fc7693f3a035a8a7921cffb98432944bb42740","target":{"file":"src/libopensc/asn1.c"},"signature_type":"Line","signature_version":"v1"},{"id":"CVE-2019-15946-762eb016","deprecated":false,"digest":{"function_hash":"261759861244261629003110721538662186476","length":4599},"source":"https://github.com/opensc/opensc/commit/a3fc7693f3a035a8a7921cffb98432944bb42740","target":{"function":"asn1_decode_entry","file":"src/libopensc/asn1.c"},"signature_type":"Function","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T11:39:59Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15946.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"31"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}