Bug 2446309 (CVE-2026-31808) - CVE-2026-31808 file-type: file-type: Denial of Service due to infinite loop in ASF file parsing
Summary: CVE-2026-31808 file-type: file-type: Denial of Service due to infinite loop i...
Keywords:
Status: NEW
Alias: CVE-2026-31808
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2446348 2446349 2446350 2446352 2446351
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-03-10 23:01 UTC by OSIDB Bzimport
Modified: 2026-03-10 23:45 UTC (History)
44 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-03-10 23:01:36 UTC 
file-type detects the file type of a file, stream, or data. Prior to 21.3.1, a denial of service vulnerability exists in the ASF (WMV/WMA) file type detection parser. When parsing a crafted input where an ASF sub-header has a size field of zero, the parser enters an infinite loop. The payload value becomes negative (-24), causing tokenizer.ignore(payload) to move the read position backwards, so the same sub-header is read repeatedly forever. Any application that uses file-type to detect the type of untrusted/attacker-controlled input is affected. An attacker can stall the Node.js event loop with a 55-byte payload. Fixed in version 21.3.1.
Note You need to log in before you can comment on or make changes to this bug.