The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2) section headers or (3) invalid capabilities.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:5.14-2ubuntu3.3", "binary_name": "file" }, { "binary_version": "1:5.14-2ubuntu3.3", "binary_name": "file-dbg" }, { "binary_version": "1:5.14-2ubuntu3.3", "binary_name": "libmagic-dev" }, { "binary_version": "1:5.14-2ubuntu3.3", "binary_name": "libmagic1" }, { "binary_version": "1:5.14-2ubuntu3.3", "binary_name": "python-magic" }, { "binary_version": "1:5.14-2ubuntu3.3", "binary_name": "python3-magic" } ] }