Secunia writes: A vulnerability has been reported in file, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error within the "cdf_read_sat()" function in src/cdf.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted compound document file. Successful exploitation may allow execution of arbitrary code.
This only affects file 5.0 and later.
file-5.02 is now in the tree, and current stable is 4.xx, so no need for GLSA.
CVE-2009-3930 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3930): Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
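
The advisory and CVE text above name the bug class (an integer overflow in a size computed from file contents, leading to a heap-based buffer overflow) but do not show code. The following C example is added here to illustrate that class and its check; it is not code from file's src/cdf.c or from any commenter. The names `struct hdr`, `nsectors`, `sector_size`, `table_bytes_unchecked`, `table_bytes_checked` and `load_table` are hypothetical, and the sample header values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the bug class; not code from file's src/cdf.c.
 * All names here (struct hdr, nsectors, sector_size, ...) are hypothetical. */
struct hdr { uint32_t nsectors; uint32_t sector_size; }; /* untrusted fields */

/* Weak form: the 32-bit product wraps, so the result can be far smaller
 * than the amount of data a later per-sector copy loop would write. */
static uint32_t table_bytes_unchecked(const struct hdr *h) {
    return h->nsectors * h->sector_size;
}

/* Hardened form: reject zero sizes, products that overflow size_t, and
 * tables larger than the file itself. Returns 0 on success, -1 otherwise. */
static int table_bytes_checked(const struct hdr *h, size_t file_len, size_t *out) {
    if (h->nsectors == 0 || h->sector_size == 0) return -1;
    if (h->nsectors > SIZE_MAX / h->sector_size) return -1;
    size_t need = (size_t)h->nsectors * h->sector_size;
    if (need > file_len) return -1;
    *out = need;
    return 0;
}

/* Copies the table out of an in-memory image, or NULL on a bad header. */
static uint8_t *load_table(const uint8_t *img, size_t img_len,
                           const struct hdr *h, size_t *out_len) {
    size_t need;
    if (table_bytes_checked(h, img_len, &need) != 0) return NULL;
    uint8_t *tab = malloc(need);
    if (tab == NULL) return NULL;
    memcpy(tab, img, need);
    *out_len = need;
    return tab;
}

int main(void) {
    static const uint8_t img[4096];              /* constructed file image */
    struct hdr bad = { 0x01000001u, 0x100u }, ok = { 4u, 512u };
    size_t n = 0;
    uint8_t *t = load_table(img, sizeof img, &bad, &n);
    printf("bad: wrapped size %u, accepted %d\n", (unsigned)table_bytes_unchecked(&bad), t != NULL);
    free(t);
    t = load_table(img, sizeof img, &ok, &n);
    printf("ok: accepted %d, %zu bytes\n", t != NULL, n);
    free(t);
    return 0;
}
```

Bounding the computed size by the length of the input is what rejects the constructed bad header on 64-bit builds, where the product itself fits in `size_t`.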