Format String Bug in GNU Less Affects Multiple Versions
CVE-2004-2264

Currently unrated

Key Information:

Vendor: Gnu
Status: Vendor
CVE Published: 31 December 2004

Summary

A format string vulnerability exists in the open_altfile function in filename.c of GNU Less versions 382, 381, and 358. Local users may be able to cause a denial of service or execute arbitrary code by placing format string specifiers in the LESSOPEN environment variable. Although GNU Less is not setuid or setgid, the vulnerability could pose a risk in scenarios where a privilege boundary is crossed, so affected installations should be assessed and remediated.
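LESSOPEN is a command template in which %s stands for the file name, so the defensive pattern is to treat it as data and substitute the name by hand instead of passing it to a printf-family function. The C sketch below is an added example, not code from GNU Less or from this advisory; the function names template_is_safe and expand_template are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Returns 1 if tmpl holds exactly one "%s" and every other '%' is
 * the literal escape "%%"; returns 0 otherwise. */
int template_is_safe(const char *tmpl)
{
    int conversions = 0;
    for (const char *p = tmpl; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        p++;                      /* character following the '%' */
        if (*p == 's')
            conversions++;
        else if (*p != '%')
            return 0;             /* %n, %x, %10s, trailing '%', ... */
    }
    return conversions == 1;
}

/* Expands tmpl into out without ever handing it to a printf-family
 * function. Returns 0 on success, -1 if the template is rejected or
 * the result does not fit in outlen bytes. */
int expand_template(const char *tmpl, const char *filename,
                    char *out, size_t outlen)
{
    size_t used = 0;
    if (!template_is_safe(tmpl))
        return -1;
    for (const char *p = tmpl; *p != '\0'; p++) {
        if (*p == '%' && p[1] == 's') {
            size_t n = strlen(filename);
            if (n >= outlen - used)
                return -1;        /* file name would overflow out */
            memcpy(out + used, filename, n);
            used += n;
            p++;                  /* skip the 's' */
        } else {
            if (*p == '%')
                p++;              /* "%%" becomes a single '%' */
            if (used + 1 >= outlen)
                return -1;
            out[used++] = *p;
        }
    }
    out[used] = '\0';
    return 0;
}
```

The expansion only addresses format specifiers; the resulting command line still needs whatever shell quoting the caller requires for the file name.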

Timeline

  • Vulnerability Reserved

  • Vulnerability published
