CVE-2004-2264

Name of the Vulnerable Software and Affected Versions: GNU less versions 358 through 382

Description: A format string bug in the open altfile function in filename.c might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. This issue is not considered a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed.

Recommendations: For GNU less versions 358 through 382, consider restricting the use of the LESSOPEN environment variable to minimize the risk of exploitation until a patch is available.