PT-2006-7570 · Gnu+1 · Gnupg+1

Werner Koch · Published 1970-01-01 · Updated 2024-06-15 · CVE-2006-6169

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

GnuPG versions 1.4 and 2.0

Description

The issue is related to multiple vulnerabilities in the GnuPG package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, a heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions.

Recommendations

For GnuPG versions 1.4 and 2.0, consider disabling the ask_outfile_name function in openfile.c to minimize the risk of exploitation until a patch is available. Restrict access to the make_printable_string function to prevent attackers from executing arbitrary code.

Fix

Related Identifiers

BDU:2015-04219
BDU:2015-04952
BDU:2015-04953
CVE-2006-6169
DSA-1231-1
OPENSUSE-SU-2024:10815-1
RHSA-2006:0754
RHSA-2006_0754

Affected Products

Gnupg
Red Hat