An integer underflow flaw, leading to a heap-based buffer overflow, was found in the ksba_oid_to_str function of libksba, an X.509 and CMS library. By using special crafted S/MIME messages or ECC based OpenPGP data, it is possible to create a buffer overflow, which could cause an application using libksba to crash , or potentially, execute arbitrary code.