Stack-based Buffer Overflow in GNU Enscript by GNU
CVE-2008-3863

Currently unrated

Key Information:

Vendor: Gnu
Status: Enscript
Vendor: CVE Published:; 23 October 2008

Summary

The vulnerability in GNU Enscript arises from a stack-based buffer overflow occurring in the read_special_escape function when the special escapes processing option is enabled. This flaw permits remote attackers, who can manipulate user input, to execute arbitrary code on the affected system through a specially crafted ASCII file, specifically targeting the setfilename command. This can lead to significant security risks if left unaddressed, as it may allow unauthorized access and control over affected environments.

References

http://www.vupen.com/english/advisories/2008/2891

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/32137

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/46026

vdb-entryx_refsource_XF

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 23, 2008
Vulnerability Reserved
Aug 29, 2008