libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (called from do_uncompress_block and process_block).
I guess this is unfixed? No references in the CVE to a fix, nor the oss-fuzz
This is one of the most useless reports I've seen. There's literally zero detail on what's happening, only the name of the function (which luckily seems to be used only once, so apparently it's affecting libarchive/archive_read_support_format_rar5.c). The detailed report does not seem to be public, the bug has apparently been kept secret for 3 months without bothering to report it upstream, and now the CVE was released with practically no details and apparently still nobody cared to report it.
Package list is empty or all packages have requested keywords.
The fixes are apparently still work-in-progress.