{"id":"MGASA-2025-0096","summary":"Updated opensc packages fix security vulnerabilities","details":"Heap buffer overflow in openpgp driver when generating key.\n(CVE-2024-8443)\nUsage of uninitialized values in libopensc and pkcs15init.\n(CVE-2024-45615)\nUninitialized values after incorrect check or usage of apdu response\nvalues in libopensc. (CVE-2024-45616)\nUninitialized values after incorrect or missing checking return values\nof functions in libopensc. (CVE-2024-45617)\nUninitialized values after incorrect or missing checking return values\nof functions in pkcs15init. (CVE-2024-45618)\nIncorrect handling length of buffers or files in libopensc.\n(CVE-2024-45619)\nIncorrect handling of the length of buffers or files in pkcs15init.\n(CVE-2024-45620)\n","modified":"2026-02-02T13:41:43.410535Z","published":"2025-03-13T18:25:04Z","related":["CVE-2024-45615","CVE-2024-45616","CVE-2024-45617","CVE-2024-45618","CVE-2024-45619","CVE-2024-45620","CVE-2024-8443"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0096.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34087"},{"type":"REPORT","url":"https://ubuntu.com/security/notices/USN-7346-1"}],"affected":[{"package":{"name":"opensc","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/opensc?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.25.0-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0096.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}