{"id":"JLSEC-2026-563","summary":"In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where...","details":"In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)","modified":"2026-05-27T18:32:54.965406673Z","published":"2026-05-27T18:18:39.624Z","upstream":["CVE-2025-68973","EUVD-2025-205519","GHSA-pj23-86ww-f72p"],"database_specific":{"license":"CC-BY-4.0","sources":[{"imported":"2026-05-27T16:52:13.925Z","published":"2025-12-28T17:16:01.500Z","database_specific":{"status":"Modified"},"id":"CVE-2025-68973","url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-68973","modified":"2026-01-14T19:16:46.857Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68973"},{"url":"https://api.github.com/advisories/GHSA-pj23-86ww-f72p","published":"2025-12-28T18:30:26Z","imported":"2026-05-27T16:52:15.936Z","id":"GHSA-pj23-86ww-f72p","modified":"2026-01-14T21:35:07Z","html_url":"https://github.com/advisories/GHSA-pj23-86ww-f72p"},{"url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2025-205519","published":"2025-12-28T16:19:11Z","imported":"2026-05-27T16:52:14.561Z","id":"EUVD-2025-205519","modified":"2026-04-30T03:55:53Z","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-205519"}]},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/12/29/11"},{"type":"WEB","url":"https://github.com/advisories/GHSA-pj23-86ww-f72p"},{"type":"WEB","url":"https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306"},{"type":"WEB","url":"https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9"},{"type":"WEB","url":"https://github.com/gpg/gnupg/compare/gnupg-2.2.50...gnupg-2.2.51"},{"type":"WEB","url":"https://gpg.fail/memcpy"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2026/01/msg00008.html"},{"type":"WEB","url":"https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i"},{"type":"WEB","url":"https://news.ycombinator.com/item?id=46403200"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68973"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2025/12/28/5"}],"affected":[{"package":{"name":"GnuPG_jll","ecosystem":"Julia","purl":"pkg:julia/GnuPG_jll?uuid=1522389b-45f8-5faa-af4d-a301b79c50ac"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.5.16+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-563.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"}]}