CVE-2014-9488
Published: 14 April 2015
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
Notes
Author | Note |
---|---|
tyhicks | Hanno's blog post has been updated to say that less 458 is not affected. I've verified that no stable releases are affected via the reproducers on Hanno's blog post and valgrind. |
Priority
Status
Package | Release | Status |
---|---|---|
less (Launchpad, Ubuntu, Debian) | lucid | Ignored (end of life) |
less | precise | Not vulnerable (verified via valgrind) |
less | trusty | Not vulnerable (458-2) |
less | upstream | Released (475) |
less | utopic | Ignored (end of life) |
less | vivid | Ignored (end of life) |
less | wily | Ignored (end of life, was needed) |

Patches: other: https://blog.fuzzing-project.org/uploads/less-CVE-2014-9488-utf8-overflow.diff