GNU Groff uses the current working directory to find a device description file which allows a local user to gain additional privileges by including a malicious postpro directive in the description file which is executed when another user runs groff.

...

CVE-2000-0803

GNU Groff is affected by a local privilege escalation vulnerability in which the program searches the current working directory for a device description file. The underlying issue is a directory-based lookup (postpro directive) that, if a malicious device description file is present, can execute ...