An exploitable heap overflow vulnerability exists in the Rar decompression functionality of libarchive. A specially crafted Rar file can cause a heap corruption eventually leading to code execution. An attacker can send a malformed file to trigger this vulnerability.
Libarchive-2.8 does not include the rar/ppmd functionality that introduced this
Created libarchive tracking bugs for this issue:
Affects: fedora-all [bug 1352776]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:1844 https://rhn.redhat.com/errata/RHSA-2016-1844.html