Vulnerability in Gnu Enscript
CVE-2004-1185
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
EPSS: 0.045 (90.2th percentile) — read the EPSS interpretation.
Affected products
- Gnu Enscript — versions 1.3.0, 1.4.0, 1.5.0
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_FEDORA, vendor-advisory)
- cve@mitre.org (vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_OVAL, signature, vdb-entry)
- cve@mitre.org (vendor-advisory, x_refsource_MANDRAKE)
- cve@mitre.org (x_refsource_UBUNTU, vendor-advisory)
- cve@mitre.org (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (vendor-advisory, Patch, x_refsource_DEBIAN, Vendor Advisory)
- cve@mitre.org (vendor-advisory, x_refsource_APPLE)