CVE-2008-5078

Description

Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.

How to fix CVE-2008-5078

To remediate CVE-2008-5078, upgrade the affected package to a fixed version below.

• Debian/enscript—upgrade to 1.6.4-13 or later

Is CVE-2008-5078 being exploited?

Low — EPSS is 5.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.6.4-13

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-5078