If I read that correctly the problem is that it prints a filename that might include terminal control sequences that come from an attacker-controlled file name.

Comment in your second link:

https://github.com/libarchive/libarchive/pull/1609#issuecomm...