CVE-2004-2264 is a vulnerability in GNU Less
Published on December 31, 2004

Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed

NVD

Products Associated with CVE-2004-2264

Want to know whenever a new CVE is published for GNU Less? stack.watch will email you.

GNU Less

Exploit Probability

EPSS

0.69%

Percentile

71.43%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2004-2264 is a vulnerability in GNU LessPublished on December 31, 2004

Products Associated with CVE-2004-2264

Exploit Probability

CVE-2004-2264 is a vulnerability in GNU Less
Published on December 31, 2004