6 matches found
enscript: "setfilename" special escape buffer overflow
Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...
enscript: "setfilename" special escape buffer overflow
Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...
enscript: User-assisted execution of arbitrary code
Background enscript is a powerful ASCII to PostScript file converter. Description Two stack-based buffer overflows in the readspecialescape function in src/psgen.c have been reported. Ulf Harnhammar of Secunia Research discovered a vulnerability related to the "setfilename" command CVE-2008-3863,...
DEBIAN-CVE-2008-3863
Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...
CVE-2008-3863
Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...
GNU Enscript src/psgen.c栈溢出漏洞
BUGTRAQ ID: 31858 CVECAN ID: CVE-2008-3863 GNU enscript是用于替换Adobe enscript程序的脚本。Enscript可将ASCII文件转换为PostScript并将生成的PostScript输出提供给指定的打印机。 GNU enscript src/psgen.c文件中的readspecialescape函数存在栈溢出漏洞。如果用户通过-e选项启用了特殊转义处理的话,在转换恶意文件时就可能触发这个溢出,导致执行任意指令。 GNU Enscript 1.6.4 beta GNU Enscript 1.6.1 GNU ---...