libarchive.so is vulnerable to denial of service (DoS) attacks. A NULL pointer dereference in the ACL parser libarchive/archive_acl.c
in the function archive_acl_from_text_l()
allows an attacker to crash the process and cause a denial of service condition.
lists.opensuse.org/opensuse-security-announce/2019-04/msg00055.html
www.securityfocus.com/bid/106324
bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909
github.com/libarchive/libarchive/pull/1105
github.com/libarchive/libarchive/pull/1105/commits/15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175
lists.fedoraproject.org/archives/list/[email protected]/message/CBOCC2M6YGPZA6US43YK4INPSJZZHRTG/
lists.fedoraproject.org/archives/list/[email protected]/message/W645KCLWFDBDGFJHG57WOVXGE62QSIJI/
lists.fedoraproject.org/archives/list/[email protected]/message/ZVXA7PHINVT6DFF6PRLTDTVTXKDLVHNF/