Description
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
References (5)
Core 5
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html
Various Sources x_refsource_misc
https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2015-0139.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:199
Scores
EPSS
0.0232
EPSS Percentile
85.0%
Details
CWE
CWE-119
Status
published
Products (3)
gnu/less
< 471
opensuse/opensuse
13.1
opensuse/opensuse
13.2
Published
Apr 14, 2015
Tracked Since
Feb 18, 2026