FreeBSD bspatch Utility Remote Code Execution (CVE-2014-9862)

A remote code execution vulnerability has been reported in the bspatch utility in FreeBSD. The vulnerability is due to improper validation of the number of bytes to read from the diff and extra streams of a patch file. A remote attacker can exploit this vulnerability by enticing the target user to download and apply a crafted patch file.
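
The kind of length validation this advisory refers to, as an added example that is not taken from the FreeBSD source: the function and parameter names (`upper_bound_only_ok`, `length_ok`, `ctrl_block_ok`, `newpos`, `newsize`) are hypothetical, and the upper-bound-only check is a constructed illustration of incomplete validation. It assumes a patch applier that copies a signed 64-bit number of bytes from the diff stream and then from the extra stream into an output buffer of `newsize` bytes.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of incomplete validation (not bspatch source):
 * only the upper bound is tested, so a negative length is accepted. */
static int upper_bound_only_ok(int64_t newpos, int64_t newsize, int64_t len)
{
    return !(newpos + len > newsize);
}

/* Hardened check: the length must be non-negative and must fit in the space
 * left in the output buffer. Written as a subtraction so that the test
 * itself cannot overflow. */
static int length_ok(int64_t newpos, int64_t newsize, int64_t len)
{
    if (newsize < 0 || newpos < 0 || newpos > newsize)
        return 0;
    if (len < 0)
        return 0;
    return len <= newsize - newpos;
}

/* Validate one control block before any byte is read: diff_len bytes come
 * from the diff stream, then extra_len bytes from the extra stream. */
static int ctrl_block_ok(int64_t newpos, int64_t newsize,
                         int64_t diff_len, int64_t extra_len)
{
    if (!length_ok(newpos, newsize, diff_len))
        return 0;
    return length_ok(newpos + diff_len, newsize, extra_len);
}

int main(void)
{
    /* Constructed sample values: 64-byte output, write position 16. */
    printf("negative diff length, upper-bound-only check: %d\n",
           upper_bound_only_ok(16, 64, -32));
    printf("negative diff length, hardened check:         %d\n",
           ctrl_block_ok(16, 64, -32, 0));
    printf("well-formed block (32 diff + 16 extra):       %d\n",
           ctrl_block_ok(16, 64, 32, 16));
    return 0;
}
```

A patch applier should treat any rejected control block as a corrupt patch and stop before touching the output buffer.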
