The archivereadformatcabreadheader function in archivereadsupportformat_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
{ "urgency": "not yet assigned" }