CVE-2008-3863

Name of the Vulnerable Software and Affected Versions GNU Enscript versions 1.6.1 through 1.6.4 beta

Description The issue is related to a stack-based buffer overflow in the read special escape function in src/psgen.c, which can be exploited when the -e option is enabled. This allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename command. The vulnerability can lead to disruption of confidentiality, integrity, and availability of protected information and can be exploited remotely.

Recommendations For GNU Enscript versions 1.6.1 through 1.6.4 beta, consider disabling the -e option to prevent special escapes processing until a patch is available. As a temporary workaround, restrict the use of the read special escape function in src/psgen.c to minimize the risk of exploitation. Avoid using the setfilename command in crafted ASCII files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.