A memory corruption vulnerability is present in bspatch as shipped in Colin Percival�??s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.