CVE-2017-11124by Jeremyin Security Bulletinson Posted on July 10, 2017 libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unserialize function in archive.c.