It is possible to exploit this bug by crafting a file that has tar contents without a header, thus making it hard to detect even with recursive archives.