CVE-2008-3863

CWE-119 — Buffer Overflow10 documents8 sources
Severity
7.6HIGH
EPSS
24.7%
top 3.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Enscript
Timeline
PublishedOct 23
Latest updateMay 2

Description

Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages2 packages

â–¶Debianenscript< 1.6.4-13+3
â–¶NVDgnu/enscript1.6.1, 1.6.4+1

🔴Vulnerability Details

3
GHSA
GHSA-wp92-87r8-55v9: Stack-based buffer overflow in the read_special_escape function in src/psgen↗2022-05-02
â–¶
CVEList
CVE-2008-3863: Stack-based buffer overflow in the read_special_escape function in src/psgen↗2008-10-23
â–¶
OSV
CVE-2008-3863: Stack-based buffer overflow in the read_special_escape function in src/psgen↗2008-10-23
â–¶

📋Vendor Advisories

3
Ubuntu
enscript vulnerability↗2008-11-03
â–¶
Red Hat
enscript: "setfilename" special escape buffer overflow↗2008-10-22
â–¶
Debian
CVE-2008-3863: enscript - Stack-based buffer overflow in the read_special_escape function in src/psgen.c i...↗2008
â–¶

💬Community

3
Bugzilla
CVE-2008-5078 enscript: "epsf" special escape buffer overflows↗2008-12-01
â–¶
Bugzilla
CVE-2008-4306 enscript: "font" special escape buffer overflows↗2008-10-31
â–¶
Bugzilla
CVE-2008-3863 enscript: "setfilename" special escape buffer overflow↗2008-10-13
â–¶
CVE-2008-3863 (HIGH CVSS 7.6) | Stack-based buffer overflow in the | cvebase.io