[v2.6] less: invalid memory access (CVE-2014-9488)
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
CONFIRM: http://advisories.mageia.org/MGASA-2015-0139.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9488
http://seclists.org/oss-sec/2015/q1/797
(from redmine: issue id 4116, created on 2015-04-27, closed on 2015-05-06)
- Relations:
  - parent #4115 (closed)
- Changesets:
  - Revision 1e95b722 by Natanael Copa on 2015-05-05T07:07:44Z:
    main/less: security upgrade to 475 (CVE-2014-9488)
    fixes #4116