Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mageia | Mageia | 3.0 (including) | 3.0 (including) |
| Mageia | Mageia | 4.0 (including) | 4.0 (including) |
| Libksba | Ubuntu | lucid | * |
| Libksba | Ubuntu | precise | * |
| Libksba | Ubuntu | trusty | * |
| Libksba | Ubuntu | upstream | * |
| Libksba | Ubuntu | utopic | * |