xdelta: User-assisted execution of arbitrary code A buffer overflow in xdelta might allow remote attackers to execute arbitrary code. xdelta 2017-01-17 2017-01-17 574408 remote 3.0.10 3.0.10

Xdelta is a C library and command-line tool for delta compression using VCDIFF/RFC 3284 streams.

A buffer overflow can be triggered within xdelta when ran against a malicious input file.

A remote attacker could coerce the victim to run xdelta against a malicious input file. This may be leveraged by an attacker to crash xdelta and gain control of program execution.

There is no known workaround at this time.

All xdelta users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/xdelta-3.0.10" CVE-2014-9765 whissi b-man