FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xdelta3 -- buffer overflow vulnerability

Affected packages
xdelta3 < 3.0.9,1

Details

VuXML ID f1bf28c5-d447-11e5-b2bd-002590263bf5
Discovery 2014-10-08
Entry 2016-02-16

Stepan Golosunov reports:

Buffer overflow was found and fixed in xdelta3 binary diff tool that allows arbitrary code execution from input files at least on some systems.

References

CVE Name CVE-2014-9765
URL http://www.openwall.com/lists/oss-security/2016/02/08/1
URL https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2