bsdcpio in libarchive prior to 3.2.0 allows remote malicious users to cause a denial of service (invalid read and crash) via crafted cpio file.
libarchive libarchive