Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.04682.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a n/a affected
Version Status Constraints
n/a affected

Configuration 1 [-]

OR cpe:2.3:o:ubuntu:linux:6.06:lts:*:*:*:*:*:*
cpe:2.3:o:ubuntu:linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:linux:8.04:lts:*:*:*:*:*:*
cpe:2.3:o:ubuntu:linux:8.10:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 2.1
enscript-0:1.6.1-16.7 cpe:/o:redhat:enterprise_linux:2.1 RHSA-2008:1021 2008-12-15T00:00:00Z
Red Hat Enterprise Linux 3
enscript-0:1.6.1-24.7 cpe:/o:redhat:enterprise_linux:3 RHSA-2008:1021 2008-12-15T00:00:00Z
Red Hat Enterprise Linux 4
enscript-0:1.6.1-33.el4_7.1 cpe:/o:redhat:enterprise_linux:4 RHSA-2008:1021 2008-12-15T00:00:00Z
Red Hat Enterprise Linux 5
enscript-0:1.6.4-4.1.1.el5_2 cpe:/o:redhat:enterprise_linux:5 RHSA-2008:1016 2008-12-15T00:00:00Z

No data.

Project Subscriptions

Vendors Products
Redhat Subscribe
Enterprise Linux Subscribe
Ubuntu Subscribe
Linux Subscribe
Advisories
Source ID Title
Debian DSA Debian DSA DSA-1670-1 New enscript packages fix arbitrary code execution
EUVD EUVD EUVD-2008-4289 Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence.
Ubuntu USN Ubuntu USN USN-660-1 enscript vulnerability
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html cve-icon cve-icon
http://osvdb.org/49569 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2008-1021.html cve-icon cve-icon
http://secunia.com/advisories/32521 cve-icon cve-icon
http://secunia.com/advisories/32530 cve-icon cve-icon
http://secunia.com/advisories/32753 cve-icon cve-icon
http://secunia.com/advisories/32854 cve-icon cve-icon
http://secunia.com/advisories/32970 cve-icon cve-icon
http://secunia.com/advisories/33109 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200812-02.xml cve-icon cve-icon
http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm cve-icon cve-icon
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0321 cve-icon cve-icon
http://www.debian.org/security/2008/dsa-1670 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2008:243 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-1016.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/498385/100/0/threaded cve-icon cve-icon
http://www.ubuntu.com/usn/usn-660-1 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-2887 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2008-4306 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10718 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2008-4306 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00014.html cve-icon cve-icon
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00040.html cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T10:08:34.992Z

Reserved: 2008-09-29T00:00:00.000Z

Link: CVE-2008-4306

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2008-11-04T21:00:01.767

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-4306

cve-icon Redhat

Severity : Moderate

Publid Date: 2008-10-29T00:00:00Z

Links: CVE-2008-4306 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses