CVE-2008-3863

EPSS 24.7%

enscript - arbitrary code execution

發布日:2008/10/23修改日:2026/4/28

描述

Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.

受影響套件(2)

Debian/enscriptfrom 0, < 1.6.4-13
Debian/enscriptfrom 0, < 1.6.4-11.1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-3863