OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decodebitstring in libopensc/asn1.c.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"vendor_product": "debian:debian_linux",
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
},
{
"introduced": "9.0"
},
{
"last_affected": "9.0"
}
],
"source": "CPE_STRING"
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*"
],
"vendor_product": "fedoraproject:fedora",
"extracted_events": [
{
"introduced": "31"
},
{
"last_affected": "31"
}
],
"source": "CPE_STRING"
}
]
}{
"cpe": "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "0.19.0"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"297175338200415450495469453137505148979",
"324464793528311656715900885897677107677",
"235162866907379193967776824386251535809",
"148892391738533823772808675824081347164",
"271007510155698596031020343162910857595",
"17928902979717757606177869801051367107",
"6680214412565745825158616163531721129",
"308450731521761626803739219073195203892",
"235313599250259173294102152659145129581",
"184459165867828565842888035184684183514",
"66599990226266053176047532713479330761",
"234365475496651906006414592092147041548"
]
},
"target": {
"file": "src/libopensc/asn1.c"
},
"id": "CVE-2019-15945-5ff9212e",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/opensc/opensc/commit/412a6142c27a5973c61ba540e33cdc22d5608e68",
"deprecated": false
},
{
"digest": {
"function_hash": "73470549151581179276510363648036828424",
"length": 675.0
},
"target": {
"function": "decode_bit_string",
"file": "src/libopensc/asn1.c"
},
"id": "CVE-2019-15945-b438983c",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/opensc/opensc/commit/412a6142c27a5973c61ba540e33cdc22d5608e68",
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15945.json"
"2026-07-08T15:55:34Z"