Red Hat Bugzilla – Bug 144684
CAN-2004-1184 multiple security issues in enscript (CAN-2004-1185 CAN-2004-1186)
Last modified: 2007-11-30 17:10:58 EST
*** This bug has been split off bug 144683 ***
------- Original comment by Josh Bressers (Security Response Team) on 2005.01.10
This was reported to vendor-sec on 2004-01-07
Erik SjÃ¶lund has discovered several security relevant problems in
enscript, a program to converts ASCII text to Postscript and other
formats. The Common Vulnerabilities and Exposures project identifies
the following vulnerabilities:
Unsanitised input can caues the execution of arbitrary commands
via EPSF pipe support. This has been disabled, also upstream.
Due to missing sanitising of filenames it is possible that a
specially crafted filename can cause arbitrary commands to be
Multiple buffer overflows can cause the program to crash.
This issue should also affect FC2.