less: invalid memory access (CVE-2014-9488)
The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
CONFIRM: http://advisories.mageia.org/MGASA-2015-0139.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9488
http://seclists.org/oss-sec/2015/q1/797
(from redmine: issue id 4115, created on 2015-04-27, closed on 2015-05-06)
- Relations:
  - child #4116 (closed)
  - child #4117 (closed)
  - child #4118 (closed)
  - child #4119 (closed)
- Changesets:
  - Revision f005cdbb by Natanael Copa on 2015-05-05T08:15:10Z:
    main/less: security upgrade to 475 (CVE-214-9488)
    ref #4115
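
The class of defect named in the description, sketched as an added example (not code from less or from this issue): a UTF-8 well-formedness check that compares the length announced by the lead byte with the bytes actually available before it reads any continuation byte. The function name `utf8_char_well_formed`, its explicit `len` parameter, and the assumption that the out-of-bounds read comes from a truncated multi-byte sequence are illustrative; the issue does not give that detail.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper, not the less API: returns 1 if the first character in
 * buf (which holds exactly len bytes) is a well-formed UTF-8 sequence. */
int utf8_char_well_formed(const unsigned char *buf, size_t len)
{
    size_t need = 0, i;
    unsigned long cp = 0;

    if (len == 0)
        return 0;
    if (buf[0] < 0x80)
        return 1;                              /* ASCII */
    else if ((buf[0] & 0xE0) == 0xC0) { need = 2; cp = buf[0] & 0x1F; }
    else if ((buf[0] & 0xF0) == 0xE0) { need = 3; cp = buf[0] & 0x0F; }
    else if ((buf[0] & 0xF8) == 0xF0) { need = 4; cp = buf[0] & 0x07; }
    else
        return 0;                  /* stray continuation byte or 0xF8..0xFF */

    /* The bounds check: the lead byte comes from untrusted input, so the
     * length it announces is compared with the bytes actually present
     * before any continuation byte is read. */
    if (need > len)
        return 0;

    for (i = 1; i < need; i++) {
        if ((buf[i] & 0xC0) != 0x80)
            return 0;                          /* not a continuation byte */
        cp = (cp << 6) | (buf[i] & 0x3F);
    }
    /* Reject overlong encodings, surrogates and values above U+10FFFF. */
    if ((need == 2 && cp < 0x80) || (need == 3 && cp < 0x800) ||
        (need == 4 && cp < 0x10000))
        return 0;
    if ((cp >= 0xD800 && cp <= 0xDFFF) || cp > 0x10FFFF)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed inputs: a 3-byte lead with one byte after it, and U+20AC. */
    const unsigned char truncated[] = { 0xE2, 0x82 };
    const unsigned char euro[] = { 0xE2, 0x82, 0xAC };
    printf("truncated: %d\n", utf8_char_well_formed(truncated, sizeof truncated));
    printf("euro:      %d\n", utf8_char_well_formed(euro, sizeof euro));
    return 0;
}
```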