CVE-2014-3564
Published: 1 August 2014
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."
Priority
Status
Package | Release | Status |
---|---|---|
gpgme1.0 Launchpad, Ubuntu, Debian |
lucid |
Released
(1.2.0-1.2ubuntu1.1)
|
precise |
Released
(1.2.0-1.4ubuntu2.1)
|
|
trusty |
Released
(1.4.3-0.1ubuntu5.1)
|
|
upstream |
Released
(1.5.1)
|
|
Patches: upstream: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77 |