Multiple Operations on Resource in Single-Operation Context

CVE-2025-68973

High

7.8/10

Summary

In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-675 - Multiple Operations on Resource in Single-Operation Context

The product performs the same operation on a resource two or more times, when the operation should only be applied once.

References

Advisory Timeline

Published Dec 28, 2025

Multiple Operations on Resource in Single-Operation Context

CVE-2025-68973

Summary

CWE-675 - Multiple Operations on Resource in Single-Operation Context

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS