Format String Bug in GNU Less Affects Multiple Versions
CVE-2004-2264
Currently unrated
Summary
A format string vulnerability exists in the open_altfile function in filename.c of GNU Less versions 382, 381, and 358. It could allow local users to cause a denial of service or execute arbitrary code through format string specifiers in the LESSOPEN environment variable. Although GNU Less is not setuid or setgid, the vulnerability could pose a risk in scenarios where privilege boundaries might be crossed, and it warrants careful assessment and remediation.
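The following C sketch is an added illustration of the bug class described above, not code from GNU Less. It validates an environment-supplied template before using it as a printf-style format; the helper names `template_is_safe` and `build_preprocessor_cmd`, the fallback template and the sample file name are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unsafe pattern (illustrative): passing the environment value straight to
 * sprintf(cmd, getenv("LESSOPEN"), filename) lets whoever controls the
 * variable choose the conversion specifiers. */

/* Returns 1 only if tmpl holds exactly one "%s", any number of "%%",
 * and no other conversion. Hypothetical helper for this example. */
int template_is_safe(const char *tmpl)
{
    int n_s = 0;
    for (const char *p = tmpl; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                       /* inspect the conversion character */
        if (*p == '%')
            continue;              /* literal percent sign */
        if (*p == 's') {
            n_s++;
            continue;
        }
        return 0;                  /* %n, %x, %10s, a trailing '%', ... */
    }
    return n_s == 1;
}

/* Expands a validated template with filename. Returns a malloc'd string,
 * or NULL if the template is rejected. Hypothetical helper. */
char *build_preprocessor_cmd(const char *tmpl, const char *filename)
{
    if (tmpl == NULL || filename == NULL || !template_is_safe(tmpl))
        return NULL;
    /* "%s" (2 bytes) is replaced by filename, so this is an upper bound. */
    size_t len = strlen(tmpl) + strlen(filename) + 1;
    char *cmd = malloc(len);
    if (cmd != NULL)
        snprintf(cmd, len, tmpl, filename);
    return cmd;
}

int main(void)
{
    const char *tmpl = getenv("LESSOPEN");
    if (tmpl == NULL)
        tmpl = "|lesspipe %s";     /* constructed fallback value */
    char *cmd = build_preprocessor_cmd(tmpl, "archive.gz"); /* constructed */
    puts(cmd != NULL ? cmd : "LESSOPEN rejected: need exactly one %s");
    free(cmd);
    return 0;
}
```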
Timeline
Vulnerability Reserved
Vulnerability published