CVE-2008-3863

Currently unrated

Key Information:

Vendor: Gnu
Status: Enscript
Vendor: CVE Published:; 23 October 2008

Summary

Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.

References

http://www.vupen.com/english/advisories/2008/2891

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/32137

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/46026

vdb-entryx_refsource_XF

EPSS Score

64% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 23, 2008
Vulnerability Reserved
Aug 29, 2008