Vulnerability Description
Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Enscript | 1.6.1 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
- http://rhn.redhat.com/errata/RHSA-2008-1021.html
- http://secunia.com/advisories/32137Vendor Advisory
- http://secunia.com/advisories/32521
- http://secunia.com/advisories/32530Vendor Advisory
- http://secunia.com/advisories/32753
- http://secunia.com/advisories/32854
- http://secunia.com/advisories/32970
- http://secunia.com/advisories/33109
- http://secunia.com/advisories/35074
- http://secunia.com/secunia_research/2008-41/Vendor Advisory
- http://security.gentoo.org/glsa/glsa-200812-02.xml
- http://securityreason.com/securityalert/4488
- http://support.apple.com/kb/HT3549
FAQ
What is CVE-2008-3863?
CVE-2008-3863 is a vulnerability with a CVSS score of 7.6 (HIGH). Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assiste...
How severe is CVE-2008-3863?
CVE-2008-3863 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3863?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Enscript.