Vulnerabilities (CVE)

Filtered by vendor Gnu Subscribe
Filtered by product Less
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-46663 2 Fedoraproject, Gnu 2 Fedora, Less 2024-11-21 N/A 7.5 HIGH
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
CVE-2014-9488 2 Gnu, Opensuse 2 Less, Opensuse 2024-11-21 10.0 HIGH N/A
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
CVE-2004-2264 1 Gnu 1 Less 2024-11-20 6.4 MEDIUM N/A
Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed