Updated libarchive packages are available for Debian 7 LTS
Package : libarchive
Version : 3.0.4-3+wheezy6+deb7u1
CVE ID : CVE-2017-14166
Debian Bug : #874539
It was discovered that there was a denial of service vulnerability in the
libarchive multi-format compression library. A specially-crafted .xar
archive could cause via a heap-based buffer over-read.
For Debian 7 "Wheezy", this issue has been fixed in libarchive version
3.0.4-3+wheezy6+deb7u1.
We recommend that you upgrade your libarchive packages.