*** This bug has been split off bug 144683 ***

------- Original comment by Josh Bressers (Security Response Team) on 2005.01.10 12:26 -------

This was reported to vendor-sec on 2004-01-07

Erik Sjölund has discovered several security relevant problems in enscript, a program to convert ASCII text to Postscript and other formats. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

CAN-2004-1184
Unsanitised input can cause the execution of arbitrary commands via EPSF pipe support. This has been disabled, also upstream.

CAN-2004-1185
Due to missing sanitising of filenames it is possible that a specially crafted filename can cause arbitrary commands to be executed.

CAN-2004-1186
Multiple buffer overflows can cause the program to crash.

This issue should also affect FC2.