PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does not properly implement the "Decrypt/Verify File via Right-Click" functionality for multi-packet OpenPGP messages that represent multi-message input, which allows remote attackers to spoof signed data by concatenating an additional message to the end of a legitimately signed message, related to a "piggy-back" or "unsigned data injection" issue.
2010-11-22T13:00:16.957
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | pgp | desktop_for_windows | ≤ 10.0.3 | Yes |
| Application | pgp | desktop_for_windows | 10.0.0 | Yes |
| Application | pgp | desktop_for_windows | 10.0.1 | Yes |
| Application | pgp | desktop_for_windows | 10.0.2 | Yes |
| Application | pgp | desktop_for_windows | 10.0.3 | Yes |
| Application | pgp | desktop_for_windows | 10.1.0 | Yes |
| Application | pgp | desktop_for_mac | ≤ 10.0.3 | Yes |
| Application | pgp | desktop_for_mac | 10.0.0 | Yes |
| Application | pgp | desktop_for_mac | 10.0.1 | Yes |
| Application | pgp | desktop_for_mac | 10.0.2 | Yes |
| Application | pgp | desktop_for_mac | 10.0.3 | Yes |
| Application | pgp | desktop_for_mac | 10.1.0 | Yes |