SUSE CVE-2004-1296

The 1 eqn2graph and 2 pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files...

DEBIAN-CVE-2009-5081

The 1 config.guess, 2 contrib/groffer/perl/groffer.pl, and 3 contrib/groffer/perl/roff2.pl scripts in GNU troff aka groff 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary fil...

DEBIAN-CVE-2004-0969

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-1296

The 1 eqn2graph and 2 pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files...

CVE-2004-1296

The 1 eqn2graph and 2 pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files...

USN-13-1: groff utility vulnerability

Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility "groffer" created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program...

GNU groff 1.1x - xploitation Via LPD

// source: https://www.securityfocus.com/bid/3103/info lpd is the print spooling daemon. It is used to support network printing on a variety of unix platforms. The version of lpd that ships with linux systems invokes groff to process documents that are to be printed. The groff utility used to...