Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2001-1022

Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

  • Published: Jul 26, 2001
  • Updated: Apr 13, 2023
  • CVE: CVE-2001-1022
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
gnu / groff 1.16.1 1.16.1.x
gnu / groff 1.11a 1.11a.x
gnu / groff 1.14 1.14.x
jgroff / jgroff - -
gnu / groff 1.10 1.10.x
gnu / groff 1.11 1.11.x
gnu / groff 1.15 1.15.x