CVE-2026-40528
3.8 LOWOpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in s...
Published: 2026-05-29 · Last updated: 2026-06-03
Severity and scoring
- CVSS
- 3.8 LOW
- Vector
- CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
- CWE
- CWE-121, CWE-122
Affected products
| Vendor | Product |
|---|---|
| opensc_project | opensc |
Description
OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15init/profile.c that allows attackers to corrupt memory by supplying a crafted profile configuration file. During pkcs15-init invocation, a key value entry beginning with '=' followed by more than sizeof(keybuf) characters is copied into keybuf via memcpy without a length check, causing both stack and heap buffer overruns.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-40510 — OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopen... (3.8 LOW)
Same CWE
- CVE-2026-53465 — ImageMagick is free and open-source software used for editing and manipulating digital images (6.2 MEDIUM)
- CVE-2026-48994 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.9 MEDIUM)
- CVE-2026-46692 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)
- CVE-2026-46520 — ImageMagick is free and open-source software used for editing and manipulating digital images (7.5 HIGH)
- CVE-2026-2049 — GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability (7.8 HIGH)