CVE-2009-4901

Name of the Vulnerable Software and Affected Versions PCSC-Lite versions prior to 1.5.4

Description The issue is related to the MSGFunctionDemarshall function in winscard svc.c, which might allow local users to cause a denial of service (daemon crash) via crafted SCARD SET ATTRIB message data. This is due to improper demarshalling, triggering a buffer over-read.

Recommendations For versions prior to 1.5.4, update to version 1.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the MSGFunctionDemarshall function to minimize the risk of exploitation.