An unexpected sign extension in the `git_delta_apply` function leads to an integer overflow in the bounds check, allowing the check to be bypassed and some bytes before the `base` object to be read. An attacker may use this flaw to get an information leak or cause a Denial of Service.
Name: Riccardo Schirone (Product Security Red Hat)
Created libgit2 tracking bugs for this issue:
Affects: fedora-all [bug 1599319]
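
The bug class described above, sketched as an added example (this is not libgit2's code). It shows how a sign-extended offset makes `off + len` wrap so that a naive bounds check passes, next to a decode and a check that do not have the problem. The function names, the 4-byte little-endian encoding, the input bytes and a 64-bit `size_t` are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Models `off |= p[3] << 24`: the byte is promoted to signed int, so a top
 * byte >= 0x80 gives a negative value that is sign-extended into size_t. */
size_t decode_off_sign_extended(const unsigned char *p)
{
    uint32_t raw = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16
                 | (uint32_t)p[3] << 24;
    return (size_t)(int32_t)raw;
}

/* Corrected decode: every operand is unsigned, so widening zero-extends. */
size_t decode_off_unsigned(const unsigned char *p)
{
    return (size_t)p[0] | (size_t)p[1] << 8 | (size_t)p[2] << 16
         | (size_t)p[3] << 24;
}

/* Bounds check whose addition can wrap around SIZE_MAX. */
bool range_ok_wrapping(size_t base_len, size_t off, size_t len)
{
    return !(base_len < off + len);
}

/* Hardened check: compares without any addition that can wrap. */
bool range_ok_checked(size_t base_len, size_t off, size_t len)
{
    return off <= base_len && len <= base_len - off;
}

int main(void)
{
    /* Constructed input: offset bytes with the top bit set. */
    const unsigned char enc[4] = { 0xf0, 0xff, 0xff, 0xff };
    size_t base_len = 100, len = 16;
    size_t bad = decode_off_sign_extended(enc);
    size_t good = decode_off_unsigned(enc);

    printf("sign-extended off=%zx wrapping=%d checked=%d\n", bad,
           range_ok_wrapping(base_len, bad, len),
           range_ok_checked(base_len, bad, len));
    printf("unsigned      off=%zx wrapping=%d checked=%d\n", good,
           range_ok_wrapping(base_len, good, len),
           range_ok_checked(base_len, good, len));
    return 0;
}
```

With the sign-extended offset the wrapping check accepts the range even though the offset points before the buffer; the overflow-safe check rejects it regardless of how the offset was decoded.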