A buffer overflow in xdelta might allow remote attackers to execute arbitrary code.
|Package||dev-util/xdelta on all architectures|
|Affected versions||< 3.0.10|
|Unaffected versions||>= 3.0.10|
Xdelta is a C library and command-line tool for delta compression using VCDIFF/RFC 3284 streams.
A buffer overflow can be triggered within xdelta when ran against a malicious input file.
A remote attacker could coerce the victim to run xdelta against a malicious input file. This may be leveraged by an attacker to crash xdelta and gain control of program execution.
There is no known workaround at this time.
All xdelta users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/xdelta-3.0.10"
January 17, 2017
January 17, 2017: 01