GnuPG contains a flaw that may allow a malicious user to execute arbitrary code in the context of a user decrypting a given file. The issue is triggered when the attacker sends the victim a GPG message with a crafted filename, exploiting a format string vulnerability in the tty_printf() function. It is possible that the flaw may allow execution of code in the context of the target user, resulting in a loss of integrity.
Local Access Required,
Remote / Network Access,
Local / Remote,
Loss of Integrity
Upgrade to version 1.0.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.