An out of bounds read was found in libarchive's RAR parser. A specially
crafted file could cause the application to read heap memory beyond the end
of the decompression buffer.
Fix included in upstream release v3.2.1.
The vulnerable code was not included in libarchive-2.8.
Created libarchive tracking bugs for this issue:
Affects: fedora-all [bug 1352776]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2016:1844 https://rhn.redhat.com/errata/RHSA-2016-1844.html