The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted ASCII file that triggers a large amount of backtracking, as demonstrated via a file with many newline characters.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "1:5.14-2ubuntu3.1", "binary_name": "file" }, { "binary_version": "1:5.14-2ubuntu3.1", "binary_name": "file-dbg" }, { "binary_version": "1:5.14-2ubuntu3.1", "binary_name": "libmagic-dev" }, { "binary_version": "1:5.14-2ubuntu3.1", "binary_name": "libmagic1" }, { "binary_version": "1:5.14-2ubuntu3.1", "binary_name": "python-magic" }, { "binary_version": "1:5.14-2ubuntu3.1", "binary_name": "python3-magic" } ] }