diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.