CVE-2014-9765

Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
debianCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.10
debiandebian_linux
7.0
debiandebian_linux
8.0
xdeltaxdelta3
𝑥
≤ 3.0.8
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xdelta3
bullseye
3.0.11-dfsg-1
fixed
sid
3.0.11-dfsg-1.2
fixed
trixie
3.0.11-dfsg-1.2
fixed
bookworm
3.0.11-dfsg-1.2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xdelta3
wily
Fixed 3.0.8-dfsg-1ubuntu0.15.10.2
released
trusty
Fixed 3.0.7-dfsg-2ubuntu0.2
released
precise
Fixed 3.0.0.dfsg-1+deb7u1build0.12.04.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2016-02/msg00125.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00131.html
http://www.debian.org/security/2016/dsa-3484
http://www.openwall.com/lists/oss-security/2016/02/08/1
http://www.openwall.com/lists/oss-security/2016/02/08/2
http://www.securityfocus.com/bid/83109
http://www.ubuntu.com/usn/USN-2901-1
https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
https://security.gentoo.org/glsa/201701-40
http://lists.opensuse.org/opensuse-updates/2016-02/msg00125.html
http://lists.opensuse.org/opensuse-updates/2016-02/msg00131.html
http://www.debian.org/security/2016/dsa-3484
http://www.openwall.com/lists/oss-security/2016/02/08/1
http://www.openwall.com/lists/oss-security/2016/02/08/2
http://www.securityfocus.com/bid/83109
http://www.ubuntu.com/usn/USN-2901-1
https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
https://security.gentoo.org/glsa/201701-40