CVE-2014-3564

EPSS 3.2%

gpgme1.0 - security update

Published: 10/20/2014Modified: 3/9/2026

Also known as:DEBIAN-CVE-2014-3564DLA-39-1

Description

Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."

Affected packages (3)

Debian/gpgme1.0from 0, < 1.5.1-1
Debian/gpgme1.0from 0, < 1.2.0-1.2+deb6u1
Debian/gpgme1.0from 0, < 1.2.0-1.4+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-3564