Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2009-5079

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

  • Published: Jun 30, 2011
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-5079
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 3.3
  • AV:L/AC:M/Au:N/C:N/I:P/A:P

CWEs:

Software From Fixed in
gnu / groff - 1.21.x
gnu / groff 1.16.1 1.16.1.x
gnu / groff 1.16 1.16.x
gnu / groff 1.19.2 1.19.2.x
gnu / groff 1.18.1 1.18.1.x
gnu / groff 1.11a 1.11a.x
gnu / groff 1.19.1 1.19.1.x
gnu / groff 1.20 1.20.x
gnu / groff 1.19 1.19.x
gnu / groff 1.20.1 1.20.1.x
gnu / groff 1.14 1.14.x
gnu / groff 1.17.2 1.17.2.x
gnu / groff 1.10 1.10.x
gnu / groff 1.17.1 1.17.1.x
gnu / groff 1.11 1.11.x
gnu / groff 1.15 1.15.x