CVE-2001-1022

Name of the Vulnerable Software and Affected Versions groff versions 1.16.1 and other versions jgroff versions prior to 1.15

Description The issue allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

Recommendations For groff version 1.16.1, update to a version that fixes the format string vulnerability in the pic utility. For jgroff versions prior to 1.15, update to version 1.15 or later to resolve the issue. As a temporary workaround, consider restricting the use of the plot command in groff and jgroff until a patch is available.