Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."
https://bugzilla.redhat.com/show_bug.cgi?id=1113267
http://www.securityfocus.com/bid/68990
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.debian.org/security/2014/dsa-3005