An integer underflow bug has been found in the file_printf function in
file, a tool to determine file types based on analysis of file content.
The bug could allow an attacker to execute arbitrary code by inducing a
local user to examine a specially crafted file that triggers a buffer
overflow. Because the flaw is reached through the normal file-type
identification path, any program that runs file (or its libmagic
library) over untrusted input, such as a mail filter or upload scanner,
is exposed in the same way as an interactive user.
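To make the bug class concrete, the following is a constructed illustration
of how an integer underflow in the bookkeeping of a printf-style helper turns
into a heap overflow, and what the hardened form looks like. It is an added
example, not file's source code: the struct outbuf type and the functions
unsafe_printf and safe_printf are hypothetical names for this demonstration,
and the only property borrowed from the advisory is that a length counter
wraps below zero after a truncated write.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed growable output buffer (hypothetical, not file's struct). */
struct outbuf {
    char  *buf;   /* heap allocation */
    size_t size;  /* bytes allocated */
    size_t off;   /* bytes already used (write position) */
    size_t len;   /* bytes believed to remain: size - off */
};

static int outbuf_init(struct outbuf *o, size_t size)
{
    o->buf = calloc(1, size);
    if (o->buf == NULL) return -1;
    o->size = size;
    o->off = 0;
    o->len = size;
    return 0;
}

static void outbuf_free(struct outbuf *o) { free(o->buf); o->buf = NULL; }

/* Vulnerable pattern. vsnprintf() returns the length the full output WOULD
 * have had, not how much was stored. When n >= o->len the output was
 * truncated, yet the bookkeeping advances as if all n bytes landed: o->len
 * wraps to a huge size_t and o->off runs past o->size. The next append would
 * hand that huge length to vsnprintf and write past the heap allocation. */
static int unsafe_printf(struct outbuf *o, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(o->buf + o->off, o->len, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    o->off += (size_t)n;      /* may exceed o->size */
    o->len -= (size_t)n;      /* integer underflow when n > o->len */
    return 0;
}

/* Hardened pattern: detect truncation, grow the buffer so the whole output
 * fits, redo the write, and only then advance the counters. */
static int safe_printf(struct outbuf *o, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(o->buf + o->off, o->len, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    if ((size_t)n >= o->len) {
        size_t need = o->off + (size_t)n + 1;   /* full output plus NUL */
        if (need < o->off) return -1;           /* size arithmetic overflowed */
        char *nb = realloc(o->buf, need);
        if (nb == NULL) return -1;
        o->buf = nb;
        o->size = need;
        o->len = o->size - o->off;
        va_start(ap, fmt);
        n = vsnprintf(o->buf + o->off, o->len, fmt, ap);
        va_end(ap);
        if (n < 0 || (size_t)n >= o->len) return -1;
    }
    o->off += (size_t)n;
    o->len -= (size_t)n;
    return 0;
}

/* Returns 1 when the unsafe version leaves the counters inconsistent
 * (remaining length larger than the allocation) after one oversized write. */
static int demo_unsafe_underflows(void)
{
    struct outbuf o;
    if (outbuf_init(&o, 8) < 0) return -1;
    unsafe_printf(&o, "%s", "this string is longer than eight bytes");
    int bad = (o.len > o.size) || (o.off > o.size);
    outbuf_free(&o);
    return bad;
}

/* Returns 1 when the safe version grows the buffer twice and the stored text
 * and counters are exactly what was appended. */
static int demo_safe_grows(void)
{
    struct outbuf o;
    if (outbuf_init(&o, 8) < 0) return -1;
    int ok = safe_printf(&o, "%s-%d", "crafted", 1234) == 0 &&
             safe_printf(&o, "%s", "x") == 0 &&
             strcmp(o.buf, "crafted-1234x") == 0 &&
             o.off == strlen("crafted-1234x") &&
             o.len == o.size - o.off;
    outbuf_free(&o);
    return ok;
}

int main(void)
{
    printf("unsafe counters wrapped: %d\n", demo_unsafe_underflows());
    printf("safe version grew correctly: %d\n", demo_safe_grows());
    return 0;
}
```

The check that matters is `(size_t)n >= o->len` before the counters move: vsnprintf's return value is a would-be length, so trusting it as bytes written is exactly what lets the remaining-length counter wrap.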
For the stable distribution (sarge), this problem has been fixed in
version 4.12-1sarge1.
For the upcoming stable distribution (etch), this problem has been fixed in
version 4.17-5etch1.
For the unstable distribution (sid), this problem has been fixed in
4.20-1.
We recommend that you upgrade your file package.