Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature...
9.8CVSS
9.5AI Score
0.002EPSS
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status...
6.5CVSS
6.7AI Score
0.004EPSS
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME...
9.8CVSS
9.6AI Score
0.005EPSS
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few...
3.3CVSS
4.1AI Score
0.0005EPSS