enscript
- Author: Miklos Vajna
- Vulnerable: 1.6.4-4
- Unaffected: 1.6.4-5solaria1
Some vulnerabilities have been discovered in GNU Enscript, which can be exploited by malicious people to compromise a vulnerable system.
- A boundary error within the “read_special_escape()” function in src/psgen.c when processing the “setfilename” escape sequence can be exploited to cause a stack-based buffer overflow by tricking the user into converting a malicious file.
- A boundary error within the “read_special_escape()” function in src/psgen.c when processing the “font” escape sequence can be exploited to cause a stack-based buffer overflow by tricking the user into converting a malicious file. Successful exploitation allows execution of arbitrary code, but requires that special escapes processing is enabled with the “-e” option.
- Bug Tracker URL: http://bugs.frugalware.org/task/3404
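The class of fix for the boundary errors described above, as an added example that is not enscript's code or the upstream patch: a bounded read of a brace-delimited escape argument into a fixed-size stack buffer. The helper name `read_escape_arg`, the 16-byte buffer and the sample inputs are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not from enscript): copy the argument of an escape
 * such as font{...} or setfilename{...} into a fixed-size buffer.
 * `in` points just past the opening '{'. Returns the argument length, or
 * -1 if the argument does not fit in `out` or the closing '}' is missing. */
static int read_escape_arg(const char *in, size_t in_len,
                           char *out, size_t out_size)
{
    size_t i;

    if (out_size == 0)
        return -1;

    for (i = 0; i < in_len && in[i] != '}'; i++) {
        /* The boundary check: a loop that only stops at '}' lets the
         * input file decide how far past `out` the copy writes. */
        if (i >= out_size - 1) {
            out[0] = '\0';
            return -1;           /* reject instead of truncating silently */
        }
        out[i] = in[i];
    }
    if (i == in_len) {           /* ran out of input before '}' */
        out[0] = '\0';
        return -1;
    }
    out[i] = '\0';
    return (int)i;
}

/* Constructed sample inputs: returns 1 if all three cases behave as intended. */
static int demo(void)
{
    char name[16];               /* assumed size, for illustration only */
    char long_arg[64];

    memset(long_arg, 'A', sizeof(long_arg) - 1);
    long_arg[sizeof(long_arg) - 1] = '}';

    return read_escape_arg("Courier10}", 10, name, sizeof(name)) == 9
        && strcmp(name, "Courier10") == 0
        && read_escape_arg(long_arg, sizeof(long_arg), name, sizeof(name)) == -1
        && read_escape_arg("Times", 5, name, sizeof(name)) == -1;
}

int main(void) { return demo() ? 0 : 1; }
```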