A vulnerability was found in PCSC-Lite. The SCardReleaseContext function normally releases resources associated with the given handle (including "cardsList") and clients should cease using this handle. A malicious client can however make the daemon invoke SCardReleaseContext and continue issuing other commands that use "cardsList", resulting in a use-after-free. When SCardReleaseContext is invoked multiple times, it additionally results in a double-free of "cardsList".
Created pcsc-lite tracking bugs for this issue:
Affects: fedora-all [bug 1410075]