CVE-2014-4617

Description

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.

Affected packages (5)

• Debian/gnupgfrom 0, < 1.4.10-4+squeeze5
• Debian/gnupgfrom 0, < 1.4.12-7+deb7u4
• Debian/gnupg2from 0, < 2.0.24-1
• Debian/gnupg2from 0, < 2.0.14-2+squeeze2
• Debian/gnupg2from 0, < 2.0.19-2+deb7u2

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-4617