opensc is vulnerable to out-of-bounds access. It is possible because of a flaw in ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.
www.openwall.com/lists/oss-security/2019/12/29/1
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/index
access.redhat.com/errata/RHSA-2020:4483
access.redhat.com/security/updates/classification/#moderate
github.com/OpenSC/OpenSC/commit/412a6142c27a5973c61ba540e33cdc22d5608e68
github.com/OpenSC/OpenSC/compare/f1691fc...12218d4
lists.debian.org/debian-lts-announce/2019/09/msg00009.html
lists.debian.org/debian-lts-announce/2021/11/msg00027.html
lists.fedoraproject.org/archives/list/[email protected]/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/