CVE-2007-2026

Name of the Vulnerable Software and Affected Versions: file versions 4.20 through 4.21

Description: The issue concerns the gnu regular expression code in the file package, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters. This is particularly problematic for OS/2 REXX regular expressions that use wildcards. Multiple vulnerabilities in the file package can lead to disruption of protected information and can be exploited remotely.

Recommendations: For file version 4.20, consider updating to a newer version to mitigate the risk. For file version 4.21, as a temporary workaround, consider restricting the use of the gnu regular expression code until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.