CVE-2004-1185
published 2005-01-21CVE-2004-1185: Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
high7.5CVSS 3.1
AVNACLAuNCPIPAP
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | enscript | < enscript 1.6.4-6 (bookworm) | enscript 1.6.4-6 (bookworm) |
| gnu | enscript | — | — |
| gnu | enscript | — | — |
| gnu | enscript | — | — |
| gnu | enscript | — | — |
| gnu | enscript | — | — |
| gnu | enscript | — | — |
| gnu | enscript | — | — |
| gnu | enscript | >= 0 < 1.6.4-6 | 1.6.4-6 |
| gnu | enscript | >= 0 < 1.6.4-6 | 1.6.4-6 |
| gnu | enscript | >= 0 < 1.6.4-6 | 1.6.4-6 |
| gnu | enscript | >= 0 < 1.6.4-6 | 1.6.4-6 |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH