Vulnerability Details CVE-2014-9488
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.04
EPSS Ranking 89.2%
CVSS Severity
CVSS v2 Score 10.0
References
- http://advisories.mageia.org/MGASA-2015-0139.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:199
- https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
- http://advisories.mageia.org/MGASA-2015-0139.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159449.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:199
- https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
Products affected by CVE-2014-9488
-
cpe:2.3:a:gnu:less:-
-
cpe:2.3:a:gnu:less:358
-
cpe:2.3:a:gnu:less:381
-
cpe:2.3:a:gnu:less:382
-
cpe:2.3:a:gnu:less:471
-
cpe:2.3:o:opensuse:opensuse:13.1
-
cpe:2.3:o:opensuse:opensuse:13.2