An integer underflow flaw, leading to a heap-based buffer overflow, was
found in the ksba_oid_to_str() function of libksba, an X.509 and CMS
(PKCS#7) library. By using special crafted S/MIME messages or ECC based
OpenPGP data, it is possible to create a buffer overflow, which could
cause an application using libksba to crash (denial of service), or
potentially, execute arbitrary code.