Hello! This patch fixes CVE-2014-3710 for the file(1) tool. Almost the same patch has been applied upstream to devel/libmagic too: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
Greetings, Matthias --- usr.bin/file/readelf.c Wed Oct 28 00:59:38 2009 +++ usr.bin/file/readelf.c Tue Nov 4 16:03:33 2014 @@ -359,6 +359,13 @@ donote(struct magic_set *ms, unsigned char *nbuf, size #endif uint32_t namesz, descsz; + if (xnh_sizeof + offset > size) { + /* + * We're out of note headers. + */ + return xnh_sizeof + offset; + } + (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof); offset += xnh_sizeof;
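Review bot: the new guard at the top of donote() adds before it compares (`xnh_sizeof + offset > size`), so if `offset` can ever be near the maximum of its type the sum wraps and the check passes with the memcpy() from `&nbuf[offset]` still reading out of bounds. Writing it as a subtraction avoids that: `if (offset > size || xnh_sizeof > size - offset)`. The early return hands back `xnh_sizeof + offset`, a value past `size`, so this only terminates note parsing if the caller stops once the returned offset is at or beyond `size`; the caller is not in this hunk, so it is worth confirming that its loop condition does that and treats the value as "no more notes" and not as a valid position. The hunk only validates the note header itself; `namesz` and `descsz` are declared just above and are read from that header, so the code after this hunk should bound them against `size` as well.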