CVE-2014-3564

Priority
Medium
Description
Multiple heap-based buffer overflows in the status_handler function in (1)
engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via vectors related to "different line lengths in a specific
order."
References
Bugs
Assigned-to
mdeslaur
Package
Upstream: released (1.5.1)
Ubuntu 10.04 LTS (Lucid Lynx): released (1.2.0-1.2ubuntu1.1)
Ubuntu 12.04 LTS (Precise Pangolin): released (1.2.0-1.4ubuntu2.1)
Ubuntu 14.04 LTS (Trusty Tahr): released (1.4.3-0.1ubuntu5.1)
Ubuntu 14.10 (Utopic Unicorn): released (1.4.3-0.1ubuntu6)
Patches:
Upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
More Information

Updated: 2014-10-22 15:14:37 UTC (commit 8633)