CVE-2008-3863

Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.

References

Affected packages

Debian:11 / enscript

Package

Name: enscript
Purl: pkg:deb/debian/enscript?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.4-13

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / enscript

Package

Name: enscript
Purl: pkg:deb/debian/enscript?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.4-13

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / enscript

Package

Name: enscript
Purl: pkg:deb/debian/enscript?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.4-13

Ecosystem specific

{
    "urgency": "not yet assigned"
}