This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsaid="201412-48">
<title>file: Denial of Service</title>
<synopsis>A vulnerability in file could allow a context-dependent attack to
create a Denial of Service condition.
</synopsis>
<producttype="ebuild">file</product>
<announced>2014-12-27</announced>
<revisedcount="1">2014-12-27</revised>
<bug>532686</bug>
<access>local, remote</access>
<affected>
<packagename="sys-apps/file"auto="yes"arch="*">
<unaffectedrange="ge">5.21</unaffected>
<vulnerablerange="lt">5.21</vulnerable>
</package>
</affected>
<background>
<p>The file utility attempts to identify a file’s format by scanning
binary data for patterns.
</p>
</background>
<description>
<p>An issue with the ELF parser used by the file utility can cause a
resource consumption when reading a specially-crafted ELF binary.
</p>
</description>
<impacttype="normal">
<p>A context-dependent attacker may be able to cause Denial of Service.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All file users should upgrade to the latest version:</p>
