A memory leak was discovered in libarchive in the TAR format parser. Cleanup code in the TAR parser was attached at the wrong point, allowing a small amount of memory to be leaked for each TAR file processed. The vulnerable code was never in a released version; it was introduced and fixed between v3.1.2 and v3.2.0. Upstream bug: https://github.com/libarchive/libarchive/issues/517 Upstream fix: https://github.com/libarchive/libarchive/commit/d24e79e