An exploitable stack-based buffer overflow vulnerability exists in the mtree parse_device functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this vulnerability.
Contrary to the Talos advisory, the affected code was only introduced after
the release of v3.1.2. Thus no Red Hat packages are affected.