A flaw was found in libgit2, a cross-platform, linkable library implementation of Git. A specially crafted payload to git_index_add can cause heap corruption that could be leveraged for arbitrary code execution. The attacker must be able to trigger two consecutive calls to git_index_add with a filename that starts with a / character to exploit this vulnerability. To control the heap corruption, the attacker must be able to control the ctime field of the git_index_entry data structure.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.