Description
The "file" command is used to identify a particular file according to the
type of data contained in the file. The command can identify various file
types, including ELF binaries, system libraries, RPM packages, and
different graphics formats.
Multiple denial of service flaws were found in the way file parsed certain
Composite Document Format (CDF) files. A remote attacker could use either
of these flaws to crash file, or an application using file, via a specially
crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479,
CVE-2014-3480, CVE-2012-1571)
Two denial of service flaws were found in the way file handled indirect and
search rules. A remote attacker could use either of these flaws to cause
file, or an application using file, to crash or consume an excessive amount
of CPU. (CVE-2014-1943, CVE-2014-2270)