Vulnerability identifier: #VU13258
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to conduct spoofing attack.
The vulnerability exists due to an input validation flaw in the processing of filenames when displaying the filename. A remote attacker can send a signed and encrypted email message that includes the specially crafted name of the original input file, spoof status messages and fake the verification status of a signed email message.
Update to version 2.2.8.
Vulnerable software versions
GnuPG: 2.2.4 - 2.2.7
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?