From 7484d3fc16017748998a64781e22bec3d4f83c9b Mon Sep 17 00:00:00 2001
From: Willi Ballenthin <wballenthin@hex-rays.com>
Date: Wed, 22 Apr 2026 09:58:56 +0300
Subject: [PATCH] fix: loader.py reads entire file for magic byte check

Closes #3029
---
 CHANGELOG.md   | 2 ++
 capa/loader.py | 3 +--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b59edb1a..01c697ce 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -48,6 +48,8 @@
 
 - fix: freeze/__init__.py: logically impossible condition @williballenthin #3030
 
+- fix: loader.py reads entire file for magic byte check @williballenthin #3029
+
 ### capa Explorer Web
 
 ### capa Explorer IDA Pro plugin
diff --git a/capa/loader.py b/capa/loader.py
index d7467495..463e0033 100644
--- a/capa/loader.py
+++ b/capa/loader.py
@@ -498,8 +498,7 @@ def _get_binexport2_file_extractors(input_file: Path) -> list[FeatureExtractor]:
         input_file, be2, [Path(os.environ.get("CAPA_SAMPLES_DIR", "."))]
     )
 
-    with sample_path.open("rb") as f:
-        taste = f.read()
+    taste = capa.helpers.get_file_taste(sample_path)
 
     if taste.startswith(capa.features.extractors.common.MATCH_PE):
         return get_file_extractors(sample_path, FORMAT_PE)