[ GLSA 201403-03 ] file: Denial of Service

GLSA · Advocate Joined: 12 May 2004 Posts: 2663

Gentoo Linux Security Advisory

Title: file: Denial of Service (GLSA 201403-03)
Severity: normal
Exploitable: remote
Date: March 13, 2014
Bug(s): #501574
ID: 201403-03

Synopsis

A vulnerability in file could result in Denial of Service.

Background

file is a utility that guesses a file format by scanning binary data for
patterns.

Affected Packages

Package: sys-apps/file
Vulnerable: < 5.17
Unaffected: >= 5.17
Architectures: All supported architectures

Description

A flaw was found in the way the file utility determines the type of a
file.

Impact

A remote attacker could entice a user to open a specially crafted file,
possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All file users should upgrade to the latest version: