rpm package
opensuse/less&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/less&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-32487 | — | < 668-2.1 | 668-2.1 | Apr 13, 2024 | less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation al | ||
| CVE-2022-46663 | — | < 608-2.1 | 608-2.1 | Feb 7, 2023 | In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. | ||
| CVE-2014-9488 | — | < 481-1.5 | 481-1.5 | Apr 14, 2015 | The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. |
- CVE-2024-32487Apr 13, 2024affected < 668-2.1fixed 668-2.1
less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation al
- CVE-2022-46663Feb 7, 2023affected < 608-2.1fixed 608-2.1
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
- CVE-2014-9488Apr 14, 2015affected < 481-1.5fixed 481-1.5
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.