Debian Less vulnerabilities

6 known vulnerabilities affecting debian/less.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3LOW3

Vulnerabilities

Page 1 of 1
CVE-2024-32487HIGHCVSS 8.6fixed in less 590-2.1~deb12u2 (bookworm)2024
CVE-2024-32487 [HIGH] CVE-2024-32487: less - less through 653 allows OS command execution via a newline character in the name... less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common ca
debian
CVE-2022-48624HIGHCVSS 7.8fixed in less 590-2.1~deb12u2 (bookworm)2022
CVE-2022-48624 [HIGH] CVE-2022-48624: less - close_altfile in filename.c in less before 606 omits shell_quote calls for LESSC... close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. Scope: local bookworm: resolved (fixed in 590-2.1~deb12u2) bullseye: resolved (fixed in 551-2+deb11u2) forky: resolved (fixed in 590-2.1) sid: resolved (fixed in 590-2.1) trixie: resolved (fixed in 590-2.1)
debian
CVE-2022-46663HIGHCVSS 7.5fixed in less 590-1.2 (bookworm)2022
CVE-2022-46663 [HIGH] CVE-2022-46663: less - In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI ... In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. Scope: local bookworm: resolved (fixed in 590-1.2) bullseye: resolved forky: resolved (fixed in 590-1.2) sid: resolved (fixed in 590-1.2) trixie: resolved (fixed in 590-1.2)
debian
CVE-2014-9488LOWCVSS 10.0fixed in less 481-1 (bookworm)2014
CVE-2014-9488 [CRITICAL] CVE-2014-9488: less - The is_utf8_well_formed function in GNU less before 475 allows remote attackers ... The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. Scope: local bookworm: resolved (fixed in 481-1) bullseye: resolved (fixed in 481-1) forky: resolved (fixed in 481-1) sid: resolved (fixed in 481-1) trixie: resolved (fixed in 481-1)
debian
CVE-2005-0086LOWCVSS 7.52005
CVE-2005-0086 [HIGH] CVE-2005-0086: less - Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attacker... Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
CVE-2004-2264LOWCVSS 6.42004
CVE-2004-2264 [MEDIUM] CVE-2004-2264: less - Format string bug in the open_altfile function in filename.c for GNU less 382, 3... Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege
debian