FreeBSD -- heap overflow in file(1)

Problem Description:
When writing data into a buffer in the file_printf function,
the length of the unused portion of the buffer is not
correctly tracked, resulting in a buffer overflow when
processing certain files.
Impact:
An attacker who can cause file(1) to be run on a maliciously
constructed input can cause file(1) to crash. It may be
possible for such an attacker to execute arbitrary code with
the privileges of the user running file(1).
The above also applies to any other applications using the
libmagic(3) library.
Workaround:
No workaround is available, but systems where file(1) and
other libmagic(3)-using applications are never run on
untrusted input are not vulnerable.