PT-2011-1197 · Gnu+1 · Groff+1

Nico Golde

Published

2011-06-30

Updated

2016-03-30

CVE-2009-5078

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions groff versions prior to 1.22.2 groff versions prior to 1.21

Description The issue allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. Multiple vulnerabilities in the groff package can lead to a violation of the integrity and availability of protected information. Exploitation of these vulnerabilities can be carried out remotely.

Recommendations For versions prior to 1.21, update to version 1.21 or later. For versions prior to 1.22.2, update to version 1.22.2 or later. As a temporary workaround, consider disabling the pdfroff.sh script in contrib/pdfmark/ until a patch is available.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-254

Related Identifiers

ALT-PU-2016-1079

BDU:2015-09687

CVE-2009-5078

Affected Products

Alt Linux

Groff

PT-2011-1197 · Gnu+1 · Groff+1

CVE-2009-5078

Weakness Enumeration

Related Identifiers

Affected Products

References · 20