An issue has been found in file, a tool to determine file types by using magic numbers.
The number of CDF_VECTOR elements had to be restricted in order to prevent a heap-based buffer overflow (4-byte out-of-bounds write).
For Debian 7 Wheezy, these problems have been fixed in version 5.11-2+deb7u11.
We recommend that you upgrade your file packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/