The vulnerability is caused due to an error in the"lha_read_file_header_1" function, which can be exploited to trigger an out-of-bounds read memory access via a specially crafted archive. Affected versions: libarchive version 3.2.2.Other versions may also be affected. Reference: Patch: