Format String Bug in GNU Less Affects Multiple Versions
CVE-2004-2264

Currently unrated

Key Information:

Vendor: Gnu
Status: Less
Vendor: CVE Published:; 31 December 2004

Summary

A format string vulnerability exists in the open_altfile function within filename.c of GNU Less versions 382, 381, and 358. This issue could allow local users to potentially cause a denial of service or execute arbitrary code by manipulating format strings in the LESSOPEN environment variable. Although GNU Less is not setuid or setgid, this vulnerability could pose risks in scenarios where privilege boundaries might be crossed, demanding careful assessment and remediation.

References

http://www.osvdb.org/9014

vdb-entryx_refsource_OSVDB

http://securitytracker.com/id?1010988

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/17032

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Jul 19, 2005
Vulnerability published
Dec 31, 2004