enscript vulnerability

2008-11-0300:00:00

ubuntu.com

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.292 Low

EPSS

Percentile

96.9%

JSON

Releases

Ubuntu 8.10
Ubuntu 8.04
Ubuntu 7.10
Ubuntu 6.06

Packages

enscript -

Details

Ulf Härnhammar discovered multiple stack overflows in enscript’s handling of
special escape arguments. If a user or automated system were tricked into
processing a malicious file with the “-e” option enabled, a remote attacker
could execute arbitrary code or cause enscript to crash, possibly leading
to a denial of service.

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchenscript< 1.6.4-12ubuntu0.8.10.1UNKNOWN
Ubuntu8.04noarchenscript< 1.6.4-12ubuntu0.8.04.1UNKNOWN
Ubuntu7.10noarchenscript< 1.6.4-11ubuntu0.2UNKNOWN
Ubuntu6.06noarchenscript< 1.6.4-7ubuntu0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	8.10	noarch	enscript	< 1.6.4-12ubuntu0.8.10.1	UNKNOWN
Ubuntu	8.04	noarch	enscript	< 1.6.4-12ubuntu0.8.04.1	UNKNOWN
Ubuntu	7.10	noarch	enscript	< 1.6.4-11ubuntu0.2	UNKNOWN
Ubuntu	6.06	noarch	enscript	< 1.6.4-7ubuntu0.2	UNKNOWN