9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.292 Low
EPSS
Percentile
96.9%
Ulf Harnhammar of Secunia Research reports:
Stack-based buffer overflow in the read_special_escape function
in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e
(aka special escapes processing) option is enabled, allows
user-assisted remote attackers to execute arbitrary code via a
crafted ASCII file, related to the setfilename command.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | enscript-a4 | < 1.6.4_2 | UNKNOWN |
FreeBSD | any | noarch | enscript-letter | < 1.6.4_2 | UNKNOWN |
FreeBSD | any | noarch | enscript-letterdj | < 1.6.4_2 | UNKNOWN |