CVE-2025-68973

Summary

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)

Affected Software

VendorProductVersion RangeStatus
GnuPGGnuPG0 < 2.2.51affected
GnuPGGnuPG2.3.0 < 2.4.9affected

Weaknesses

  • CWE-675: CWE-675 Multiple Operations on Resource in Single-Operation Context

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References