The Heap Buffer Overflow vulnerability was identified within the OpenPGP driver during the card enrollment process using the pkcs15-init tool to generate RSA or ECDSA key when a user or administrator enrolls or modifies cards, but it can also be encountered when using the driver for key generation (for example via openpgp-tool).