file before 5.11 and libmagic allow remote attackers to cause a denial of
service (crash) via a crafted Composite Document File (CDF) file that
triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.
@base-system, may we proceed to stabilize =sys-apps/file-5.11 ?
Stable for HPPA.
GLSA draft is ready for review.
This issue was resolved and addressed in
GLSA 201209-14 at http://security.gentoo.org/glsa/glsa-201209-14.xml
by GLSA coordinator Sean Amoss (ackle).