The copyfromlzsswindow function in archivereadsupportformat_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.
{ "urgency": "not yet assigned" }