A heap-based buffer overflow flaw was reported in cpio’s list_file()
function. Attempting to extract a malicious cpio archive could cause
cpio to crash or, potentially, execute arbitrary code.
As noted in the original report, this issue could be trigger via other
utilities, such as when running "less".