LAYER: meta
PACKAGE NAME: less
PACKAGE VERSION: 643
CVE: CVE-2004-2264
CVE STATUS: Patched
CVE SUMMARY: Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed
CVSS v2 BASE SCORE: 6.4
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:N/I:P/A:P
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2004-2264

LAYER: meta
PACKAGE NAME: less
PACKAGE VERSION: 643
CVE: CVE-2014-9488
CVE STATUS: Patched
CVE SUMMARY: The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
CVSS v2 BASE SCORE: 10.0
CVSS v3 BASE SCORE: 0.0
VECTOR: NETWORK
VECTORSTRING: AV:N/AC:L/Au:N/C:C/I:C/A:C
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2014-9488

LAYER: meta
PACKAGE NAME: less
PACKAGE VERSION: 643
CVE: CVE-2022-46663
CVE STATUS: Patched
CVE SUMMARY: In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 7.5
VECTOR: NETWORK
VECTORSTRING: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2022-46663

LAYER: meta
PACKAGE NAME: less
PACKAGE VERSION: 643
CVE: CVE-2024-32487
CVE STATUS: Patched
CVE SUMMARY: less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.
CVSS v2 BASE SCORE: 0.0
CVSS v3 BASE SCORE: 8.6
VECTOR: LOCAL
VECTORSTRING: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
MORE INFORMATION: https://nvd.nist.gov/vuln/detail/CVE-2024-32487