GnuPG Multiple Potential Vulnerabilities

GnuPG Multiple Potential Vulnerabilities

GnuPG is potentially prone to multiple remote vulnerabilities. These issues are only 'potential' vulnerabilities, becuase they arise due to a code audit resulting in patches designed to add bounds checking and other fixes to the source code. The code audit lacked sufficient detail to determine if the fixes address actual vulnerabilities.

Reportedly, these issues are due primarily to integer-overflow and buffer-overflow flaws. Other issues may also be present. Successfully exploiting the issues may allow an attacker to execute arbitrary code in the context of the affected application.

The audit was performed on GnuPG version 1.4.6; therefore, if these issues are actual vulnerabilities they will affect that version. Other versions may also be affected.