Multiple heap-based buffer overflows in the status_handler function in engine-gpgsm.c and engine-uiserver.c in GPGME before 1.5.1 allow remote attackers to cause a denial of service and possibly execute arbitrary code via vectors related to "different line lengths in a specific order."