CVE-2025-68973

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GnuPG versions prior to 2.4.9 GnuPG versions 2.2.51 and earlier

Description The issue resides in the armor filter function within the g10/armor.c file. A flaw exists due to two increments of an index variable where only one is intended. This leads to an out-of-bounds write condition when processing crafted input. Exploitation of this issue by a remote attacker could potentially lead to arbitrary code execution through the submission of a specially crafted PGP message. The vulnerability is related to an integer overflow.

Recommendations GnuPG versions prior to 2.4.9: Upgrade to version 2.4.9 or later. GnuPG versions 2.2.51 and earlier: Upgrade to version 2.2.51 or later.

Exploit

Fix

Memory Corruption

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-190CWE-675

Related Identifiers

ALSA-2026:0697

ALSA-2026:0719

ALSA-2026:0728

AZL-73204

AZL-73367

BDU:2025-16426

CVE-2025-68973

ECHO-28BA-D9BF-3B84

OESA-2026-1072

OPENSUSE-SU-2026:10001-1

OPENSUSE-SU-2026:20029-1

RHSA-2026:0697

RHSA-2026:0719

RHSA-2026:0728

RHSA-2026:0935

RHSA-2026:0974

RHSA-2026:1014

RHSA-2026:1229

RHSA-2026:1230

RHSA-2026:1468

RHSA-2026:1629

RHSA-2026:1677

RHSA-2026:1705

RHSA-2026:1719

SUSE-SU-2026:0214-1

SUSE-SU-2026:0215-1

SUSE-SU-2026:0378-1

SUSE-SU-2026:20080-1

SUSE-SU-2026:20108-1

SUSE-SU-2026:20243-1

SUSE-SU-2026:20356-1

USN-7946-1

USN-7946-2

Affected Products

Debian

Gnupg

Linuxmint

Red Os

Rocky Linux

Ubuntu

CVE-2025-68973

Weakness Enumeration

Related Identifiers

Affected Products

References · 100