CVE 2016-10349
The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
See the 
CVE page on Mitre.org
for more details.
