JLSEC-2026-562 In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary...

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

SUSE CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

CVE-2025-68972

CVE-2025-68972 affects GnuPG/gnupg2 <= 2.4.8, where a signed message ending a plaintext line with the form feed (\f) can allow an adversary to craft a modified message that still passes signature verification, with an “invalid armor” message printed during verification. Connected advisories in...

CVE-2025-68972

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

PT-2025-53629

Name of the Vulnerable Software and Affected Versions GnuPG versions through 2.4.8 Description The software is susceptible to a signature verification bypass. If a signed message includes the character 'f' at the end of a plaintext line, an attacker can modify the message to add text after the...