[3.5] libgsf: Null pointer dereference in tar_directory_for_file() (CVE-2016-9888)
An error within the “tar_directory_for_file()” function
(gsf-infile-tar.c) in GNOME Structured File Library
before 1.14.41 can be exploited to trigger a Null pointer dereference and subsequently cause a crash via a crafted TAR file.
Fixed In Version:
(from redmine: issue id 6554, created on 2016-12-19, closed on 2016-12-20)
main/libgsf: security upgrade to 1.14.41 (CVE-2016-9888). Fixes #6554