Bernd Melchers

**Name of the Vulnerable Software and Affected Versions** file versions prior to 5.17 file-static-5.04 file-5.04 file-debuginfo-5.04 file-libs-5.04 file-devel-5.04 **Description** The issue allows context-dependent attackers to cause a denial of service, potentially leading to disruption of protected information availability. This can be achieved through a crafted indirect offset value in the `magic` of a file, resulting in infinite recursion, CPU consumption, and crash. The exploitation can be carried out remotely. **Recommendations** For file versions prior to 5.17, update to version 5.17 or later to resolve the issue. For file-static-5.04, file-5.04, file-debuginfo-5.04, file-libs-5.04, and file-devel-5.04, update to a version that is not affected by this issue, as these specific versions are vulnerable. As a temporary workaround, consider restricting access to the `magic` of files to minimize the risk of exploitation.