microtar through 0.1.0 contains a stack-based buffer overflow vulnerability in the raw_to_header() function in src/microtar.c that allows attackers to corrupt a…

microtar through version 0.1.0 contains a critical stack-based buffer overflow vulnerability in the raw_to_header() function located in src/microtar.c. The vulnerability allows attackers to corrupt adjacent stack memory by supplying specially crafted TAR archives with non-null-terminated name or linkname fields. The flaw occurs because the function uses strcpy() to copy 100-byte ustar format fields that lack proper null terminators, resulting in up to 355 bytes being written into a 100-byte destination buffer. The vulnerability can be triggered when the functions mtar_open(), mtar_find(), or mtar_read_header() process malicious TAR archives supplied by attackers.