CVE-2026-24883 - Gnupg Gnupg and Gpg4win Gpg4win

Low 3.7

In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).

Affected software

Gnupg Gnupg

Gpg4win Gpg4win

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.