PT-2011-1199 · Gnu+1 · Groff+1

Nico Golde · Published 2011-06-30 · Updated 2024-06-15 · CVE-2009-5080

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

groff versions prior to 1.22.2

Description

The issue affects the groff package in Gentoo Linux and concerns multiple vulnerabilities that can be exploited remotely, potentially leading to a breach of data integrity and availability. Specifically, in GNU troff (also known as groff) version 1.21 and earlier, certain scripts do not properly handle failed attempts to create temporary directories. This could allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory. The affected scripts include eqn2graph.sh, grap2graph.sh, and pic2graph.sh.

Recommendations

For groff versions prior to 1.22.2, update to version 1.22.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the eqn2graph.sh, grap2graph.sh, and pic2graph.sh scripts until a patch is available.
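
The failure mode in the description, handled fail-closed in a shell script. This is an added example, not groff's code or its patch; the function names and the `scratch.` prefix are hypothetical.

```sh
#!/bin/sh
# Added example (not groff's code). All names below are hypothetical.

# mkdir_private PATH
# Create PATH as a new owner-only directory. mkdir fails with "File exists"
# when PATH is already present in any form, including a symlink (dangling or
# not), and that failure is returned to the caller instead of being ignored.
mkdir_private() {
    ( umask 077 && mkdir -- "$1" ) 2>/dev/null || return 1
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
}

# make_scratch_dir PARENT
# Print the path of a fresh private directory under PARENT, or return 1 and
# print nothing. mktemp -d chooses an unpredictable name and creates it
# atomically with mode 0700; the fixed-name fallback relies on mkdir_private.
make_scratch_dir() {
    parent=${1:-${TMPDIR:-/tmp}}
    if command -v mktemp >/dev/null 2>&1; then
        dir=$(mktemp -d "$parent/scratch.XXXXXXXXXX" 2>/dev/null) || return 1
    else
        dir="$parent/scratch.$$"
        mkdir_private "$dir" || return 1
    fi
    printf '%s\n' "$dir"
}

# render_to PARENT OUTFILE
# Stand-in for a conversion script: intermediate files are written only
# after a private directory has been obtained; otherwise nothing is written.
render_to() {
    work=$(make_scratch_dir "$1") || {
        echo "cannot create private temporary directory, aborting" >&2
        return 1
    }
    if printf 'intermediate\n' > "$work/stage1" && cp "$work/stage1" "$2"; then
        status=0
    else
        status=1
    fi
    rm -rf -- "$work"
    return "$status"
}
```
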

Fix

Link Following


Weakness Enumeration

Related Identifiers

ALT-PU-2016-1079
BDU:2015-09687
CVE-2009-5080
OPENSUSE-SU-2024:10031-1

Affected Products

Alt Linux
Groff