CVE-2014-9488
Published: 14 April 2015
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
Priority
Status
Package | Release | Status |
---|---|---|
less (Launchpad, Ubuntu, Debian) | Upstream | Released (475) |
less | Ubuntu 16.04 LTS (Xenial Xerus) | Not vulnerable (481-2.1) |
less | Ubuntu 14.04 ESM (Trusty Tahr) | Not vulnerable (458-2) |

Patches: Other: https://blog.fuzzing-project.org/uploads/less-CVE-2014-9488-utf8-overflow.diff
Notes
Author | Note |
---|---|
tyhicks | Hanno's blog post has been updated to say that less 458 is not affected. I've verified that no stable releases are affected via the reproducers on Hanno's blog post and valgrind. |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9488
- http://www.openwall.com/lists/oss-security/2015/03/10/14
- https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
- NVD
- Launchpad
- Debian