Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:gnu:less:358:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 2 matching records.
Displaying matches 1 through 2.
Vuln ID Summary CVSS Severity
CVE-2014-9488

The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.

Published: April 14, 2015; 2:59:02 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2004-2264

** DISPUTED ** Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed.

Published: December 31, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM