CVE-2014-3564
https://notcve.org/view.php?id=CVE-2014-3564
Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order." Múltiples desbordamientos de buffer basado en memoria dinámica en la función status_handler en (1) engine-gpgsm.c y (2) engine-uiserver.c en GPGME anterior a 1.5.1 permiten a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores relacionados con 'longitudes de línea diferentes en un orden especifico.' • http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git%3Ba=commit%3Bh=2cbd76f7911fc215845e89b50d6af5ff4a83dd77 http://seclists.org/oss-sec/2014/q3/266 http://www.debian.org/security/2014/dsa-3005 http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html http://www.osvdb.org/109699 http://www.securityfocus.com/bid/68990 https://bugzilla.redhat.com/show_bug.cgi?id=1113267 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-1263 – GnuPG 1.x - Signed Message Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1263
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a message without detection. GnuPG 1.4.6 y anteriores y GPGME anterior a 1.1.4, al ser ejecutado desde la línea de comandos, no distingue visualmente trozos firmados de no firmados en mensajes OpenPGP con múltiples componentes, lo cual podría permitir a atacantes remotos falsificar el contenido de un mensaje sin ser detectado. • https://www.exploit-db.com/exploits/29689 ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2775 http://fedoranews.org/cms/node/2776 http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html http://lists.suse.com/archive/suse-security-announce/2007-Mar/0008.html http://secunia.com/advisories/24365 http://secunia.com/advisories/24407 http://secunia.com/advisories/24419 http://secunia.com/advisories/24420 http •