Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Groff | Gnu | 1.10 | 1.10 |
Groff | Gnu | 1.11 | 1.11 |
Groff | Gnu | 1.11a | 1.11a |
Groff | Gnu | 1.14 | 1.14 |
Groff | Gnu | 1.15 | 1.15 |
Groff | Gnu | 1.16.1 | 1.16.1 |
Jgroff | Jgroff | * | * |