CVE-2013-7345

Name of the Vulnerable Software and Affected Versions file versions prior to 5.15

Description The issue concerns multiple vulnerabilities in the file package that can lead to a denial of service, potentially disrupting the availability of protected information. Exploitation of these vulnerabilities can be achieved remotely. Specifically, the BEGIN regular expression in the awk script detector uses multiple wildcards with unlimited repetitions, allowing context-dependent attackers to cause a denial of service via a crafted ASCII file that triggers excessive backtracking, such as a file containing many newline characters.

Recommendations For versions prior to 5.15, update to version 5.15 or later to resolve the issue. As a temporary workaround, consider restricting the use of the awk script detector in the magic/Magdir/commands directory to minimize the risk of exploitation. Avoid using the vulnerable BEGIN regular expression in the awk script detector until the issue is resolved.