CVE-2008-3863

EPSS 24.7%

enscript - arbitrary code execution

Published: 10/23/2008Modified: 4/28/2026

Description

Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.

Affected packages (2)

Debian/enscriptfrom 0, < 1.6.4-13
Debian/enscriptfrom 0, < 1.6.4-11.1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-3863