OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1decodeentry in libopensc/asn1.c.
[
{
"signature_version": "v1",
"id": "CVE-2019-15946-474477e2",
"source": "https://github.com/opensc/opensc/commit/a3fc7693f3a035a8a7921cffb98432944bb42740",
"digest": {
"threshold": 0.9,
"line_hashes": [
"144373587500690818507003904206410356003",
"148102426093319846627226247161866438541",
"152613503459311009974684643923559563409",
"189033476452025105233726194714004011925"
]
},
"deprecated": false,
"target": {
"file": "src/libopensc/asn1.c"
},
"signature_type": "Line"
},
{
"signature_version": "v1",
"id": "CVE-2019-15946-762eb016",
"source": "https://github.com/opensc/opensc/commit/a3fc7693f3a035a8a7921cffb98432944bb42740",
"digest": {
"length": 4599.0,
"function_hash": "261759861244261629003110721538662186476"
},
"deprecated": false,
"target": {
"function": "asn1_decode_entry",
"file": "src/libopensc/asn1.c"
},
"signature_type": "Function"
}
]