There is a heap buffer overflow in libgcrypt due to an incorrect assumption in the block buffer management code. Just decrypting some data can overflow a heap buffer with attacker controlled data and no verification or signature is validated before the vulnerability occurs.
116febb937a201a0c4eba25cc3b30fe506befd25359b35fcac75d7c488a642f1