CVE-2014-1646

Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.

Published: Apr 23, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-1646
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
symantec / encryption_desktop	10.3.0	10.3.0.x
symantec / encryption_desktop	10.3.2	10.3.2.x
symantec / encryption_desktop	10.3.1	10.3.1.x
symantec / pgp_desktop	10.2.2	10.2.2.x
symantec / pgp_desktop	10.1.0	10.1.0.x
symantec / pgp_desktop	10.2.0	10.2.0.x
symantec / pgp_desktop	10.1.1	10.1.1.x
symantec / pgp_desktop	10.0.0	10.0.0.x
symantec / pgp_desktop	10.0.2	10.0.2.x
symantec / pgp_desktop	10.0.3	10.0.3.x
symantec / pgp_desktop	10.1.2	10.1.2.x
symantec / pgp_desktop	10.0.1	10.0.1.x
symantec / pgp_desktop	10.2.1	10.2.1.x

Vulnerability Database

290,206

CVE-2014-1646