Less
This hub aggregates every CVE we track for Less, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 5
- Critical: 1
- High: 3
- In CISA KEV: 0
Severity distribution
- CRITICAL: 1
- HIGH: 3
- MEDIUM: 1
Monthly trend (2024-07 to 2026-06): 0 for every month shown.
Latest CVEs
The 5 most recently published vulnerabilities affecting Less.
- CVE-2024-32487 (score 8.6): less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled...
- CVE-2022-48624 (score 7.8): close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.
- CVE-2022-46663 (score 7.5): In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
- CVE-2014-9488 (score 10.0): The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.
- CVE-2004-2264 (score 6.4): Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format string...
Product normalization is registry-driven with AI assist and human review.