cpe:/a:gnu:enscript:1.6.1 cpe:/a:gnu:enscript:1.6.4:beta CVE-2008-3863 2008-10-23T18:00:01.323-04:00 2017-09-28T21:31:53.633-04:00 7.6 NETWORK HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2008-10-24T13:38:00.000-04:00 BUGTRAQ 20081022 Secunia Research: GNU Enscript "setfilename" Special Escape Buffer Overflow BUGTRAQ 20081117 rPSA-2008-0321-1 enscript BID 31858 SECUNIA 32137 SECUNIA 32521 SECUNIA 32530 SECUNIA 32753 SECUNIA 32854 SECUNIA 32970 SECUNIA 33109 SECUNIA 35074 SREASON 4488 VUPEN ADV-2008-2891 VUPEN ADV-2009-1297 APPLE APPLE-SA-2009-05-12 DEBIAN DSA-1670 FEDORA FEDORA-2008-9351 FEDORA FEDORA-2008-9372 GENTOO GLSA-200812-02 MANDRIVA MDVSA-2008:243 REDHAT RHSA-2008:1016 REDHAT RHSA-2008:1021 SUSE SUSE-SR:2008:024 CERT TA09-133A UBUNTU USN-660-1 XF gnuenscript-readspecialescape-bo(46026) MISC http://secunia.com/secunia_research/2008-41/ CONFIRM http://support.apple.com/kb/HT3549 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321 CONFIRM https://issues.rpath.com/browse/RPL-2887 Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.