Published: 14 April 2015
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
Launchpad, Ubuntu, Debian
|Ubuntu 16.04 ESM (Xenial Xerus)||
|Ubuntu 14.04 ESM (Trusty Tahr)||
Hanno's blog post has been updated to say that less 458 is not affected I've verified that no stable releases are affected via the reproducers on Hanno's blog post and valgrind