Enscript
by GNU
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3863 | 0.01 | — | 0.08 | Oct 23, 2008 | Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related… | |||
| CVE-2008-5078 | 0.00 | — | 0.03 | Dec 19, 2008 | Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename. | |||
| CVE-2004-1184 | 0.00 | — | 0.01 | Jan 21, 2005 | The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. | |||
| CVE-2004-1185 | 0.00 | — | 0.04 | Jan 21, 2005 | Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames. | |||
| CVE-2004-1186 | 0.00 | — | 0.04 | Dec 31, 2004 | Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash). | |||
| CVE-2002-0044 | 0.00 | — | 0.00 | Jan 31, 2002 | GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files. |
- CVE-2008-3863Oct 23, 2008risk 0.01cvss —epss 0.08
Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related…
- CVE-2008-5078Dec 19, 2008risk 0.00cvss —epss 0.03
Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.
- CVE-2004-1184Jan 21, 2005risk 0.00cvss —epss 0.01
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
- CVE-2004-1185Jan 21, 2005risk 0.00cvss —epss 0.04
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
- CVE-2004-1186Dec 31, 2004risk 0.00cvss —epss 0.04
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
- CVE-2002-0044Jan 31, 2002risk 0.00cvss —epss 0.00
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.