libalpm, as used in pacman 5.0.1, allows remote malicious users to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file.
pacman project pacman 5.0.1