A memory corruption vulnerability is present in bspatch as
shipped in Colin Percival's bsdiff tools version 4.3. Insufficient
checks when handling external inputs allows an attacker to bypass
the sanity checks in place and write out of a dynamically allocated
buffer boundaries. Proof of concept included.