CVE Vulnerabilities

CVE-2001-1022

Published: Jul 26, 2001 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

Affected Software

Name Vendor Start Version End Version
Groff Gnu 1.10 1.10
Groff Gnu 1.11 1.11
Groff Gnu 1.11a 1.11a
Groff Gnu 1.14 1.14
Groff Gnu 1.15 1.15
Groff Gnu 1.16.1 1.16.1
Jgroff Jgroff * *

References