CVE-2014-9862

Published: 22 July 2016

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package: bsdiff

Release                            Status
Upstream                           Released (4.3-17)
Ubuntu 20.04 LTS (Focal Fossa)     Not vulnerable (4.3-17)
Ubuntu 18.04 LTS (Bionic Beaver)   Not vulnerable (4.3-17)
Ubuntu 16.04 ESM (Xenial Xerus)    Released (4.3-15+deb8u1build0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist (trusty was needed)