GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service by modifying a file that is supposed to be archived by a different user"s process .