Binwalk versions 2.1.2b through 2.3.2 suffer from a remote command execution vulnerability.
071c5247cee1d4b786481e8ad2dd0b26e35a42b095df9a6007a1a7b95f7bf7dd
Ghidra (Linux) version 9.0.4 suffers from a .gar related arbitrary code execution vulnerability.
d8d7c325d350b463017b38852324eca682609da29b6f5b3ea847494efb0bee38