OpenPGP Message Vulnerability in GnuPG and GPGME by GnuPG
CVE-2007-1263

Currently unrated

Key Information:

Vendor
Gnu
Vendor
CVE Published:
6 March 2007

Summary

GnuPG versions 1.4.6 and earlier, along with GPGME prior to 1.1.4, are susceptible to a vulnerability that fails to visually separate signed and unsigned sections of OpenPGP messages when executed via the command line. This oversight could enable attackers to manipulate the content of messages undetected, potentially leading to the spread of false or misleading information.

References

EPSS Score

16% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.