Severity: Critical
CVSS Score: 9.8
libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_path function in util.c.