{"id":"CVE-2019-19481","details":"An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.","modified":"2026-04-16T04:38:45.513588703Z","published":"2019-12-01T23:15:10.807Z","related":["SUSE-SU-2022:1041-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/"},{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18618"},{"type":"FIX","url":"https://github.com/OpenSC/OpenSC/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2019/12/29/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opensc/opensc","events":[{"introduced":"0"},{"last_affected":"f1691fc91fc113191c3a8aaf5facd6983334ec47"},{"introduced":"0"},{"last_affected":"12218d4b0b295d01b81c1e915282b06da438a7f1"},{"introduced":"0"},{"last_affected":"eac516fd41c62fe7166c2054666267993d85cc3d"},{"introduced":"0"},{"last_affected":"01678e871e4bb30dd4bde7bf8b2a63c5cddb6a11"},{"fixed":"b75c002cfb1fd61cd20ec938ff4937d7b1a94278"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.19.0-NA"},{"introduced":"0"},{"last_affected":"0.20.0-rc1"},{"introduced":"0"},{"last_affected":"0.20.0-rc2"},{"introduced":"0"},{"last_affected":"0.20.0-rc3"}]}}],"versions":["0.12.2","0.12.2-rc1","0.13.0","0.13.0pre1","0.13.0rc1","0.14.0","0.14.0rc2","0.14.0rtm","0.15.0","0.16.0","0.17.0","0.17.0-rc1","0.17.0-rc2","0.18.0","0.18.0-rc1","0.18.0-rc2","0.19.0","0.19.0-rc1","0.20.0-rc1","0.20.0-rc2","0.20.0-rc3","v0.12.2","v0.16.0-pre1"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"length":1804,"function_hash":"189796757233420035366764386465414775224"},"id":"CVE-2019-19481-98aec3cf","source":"https://github.com/opensc/opensc/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278","target":{"function":"cac_read_binary","file":"src/libopensc/card-cac1.c"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"length":1216,"function_hash":"172535176475497180497442667315780321309"},"id":"CVE-2019-19481-aa771868","source":"https://github.com/opensc/opensc/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278","target":{"function":"cac_cac1_get_certificate","file":"src/libopensc/card-cac1.c"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"line_hashes":["111373285869590301901788120333576930100","77698511683037410575331158082653756719","273616107659295731614926021083627764066","334827262301003682911591777866694837779","35167700645591702568842934822718756163","167916283527506075229918457864510764679","160637723847752232309012385792564332546","67766559596816410963586224821672125746","161170193942755711454602625320675028848","256643953941796997051543871300579042697","33270032802398029811089922548528544589","82441505421696923204806749368486025678","292129794305514931969203314138896501785","236733298990358685809239477618104150189","114860608003072413783369965954260825910","217391383372655397584067361156904254766","136231979249826060844140870900669231875","8071045375367627834132348254841800521"],"threshold":0.9},"id":"CVE-2019-19481-b7662d5f","source":"https://github.com/opensc/opensc/commit/b75c002cfb1fd61cd20ec938ff4937d7b1a94278","target":{"file":"src/libopensc/card-cac1.c"},"deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19481.json","vanir_signatures_modified":"2026-04-11T09:39:46Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}