VulnerableCode Package Details - pkg:deb/debian/pcsc-lite@1.2.9-beta7-5

Search for packages

Vulnerability	Summary	Fixed by
VCID-pdy2-vp8x-eyfc Aliases: CVE-2016-10109	Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.	1.8.13-1+deb8u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.8.20-1 Affected by 0 other vulnerabilities.
VCID-sdqm-5fw4-b3dp Aliases: CVE-2010-0407	Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.	1.5.5-4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-sz66-b9kt-7yf7 Aliases: CVE-2010-4531	Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.	1.5.5-4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-pdy2-vp8x-eyfc
Aliases:
CVE-2016-10109

Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remote attackers to cause denial of service (crash) via a command that uses "cardsList" after the handle has been released through the SCardReleaseContext function.

1.8.13-1+deb8u1
Affected by 1 other vulnerability.

1.8.20-1
Affected by 0 other vulnerabilities.

VCID-sdqm-5fw4-b3dp
Aliases:
CVE-2010-0407

Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.

1.5.5-4
Affected by 1 other vulnerability.

VCID-sz66-b9kt-7yf7
Aliases:
CVE-2010-4531

Stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.

1.5.5-4
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T04:08:58.609512+00:00	Debian Oval Importer	Affected by	VCID-sz66-b9kt-7yf7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T02:10:08.798682+00:00	Debian Oval Importer	Affected by	VCID-sdqm-5fw4-b3dp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T00:05:35.503823+00:00	Debian Oval Importer	Affected by	VCID-pdy2-vp8x-eyfc	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T21:36:45.296791+00:00	Debian Oval Importer	Affected by	VCID-pdy2-vp8x-eyfc	https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2	38.6.0