Daemonology Bsdiff vulnerabilities
2 known vulnerabilities affecting daemonology/bsdiff.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2020-14315 | CRITICAL | CVSS 9.8 | v4.3 | vbsdiff 4.3 | 2020-09-16
CVE-2020-14315 [CRITICAL] CWE-787 CVE-2020-14315: A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allow an attacker to bypass the sanity checks in place and write outside the boundaries of a dynamically allocated buffer.
nvd, osv
CVE-2014-9862 | HIGH | CVSS 7.8 | ≥ 0, < 4.3-17 | 2016-07-22
CVE-2014-9862 [HIGH] CVE-2014-9862: Integer signedness error in bspatch
Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.
osv