enscript -- arbitrary code execution vulnerability

ID A1126054-B57C-11DD-8892-0017319806E7
Type freebsd
Reporter FreeBSD
Modified 2008-10-22T00:00:00


Ulf Harnhammar of Secunia Research reports:

Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command.