libarchive 3.3.2 allows remote attackers to cause a denial of service via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.