The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.
http://advisories.mageia.org/MGASA-2015-0040.html
https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
https://security.gentoo.org/glsa/201503-08