Total vulnerabilities in the database
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.
| Software | From | Fixed in |
|---|---|---|
| gnu / groff | - | 1.21.x |
| gnu / groff | 1.16.1 | 1.16.1.x |
| gnu / groff | 1.16 | 1.16.x |
| gnu / groff | 1.19.2 | 1.19.2.x |
| gnu / groff | 1.18.1 | 1.18.1.x |
| gnu / groff | 1.11a | 1.11a.x |
| gnu / groff | 1.19.1 | 1.19.1.x |
| gnu / groff | 1.20 | 1.20.x |
| gnu / groff | 1.19 | 1.19.x |
| gnu / groff | 1.20.1 | 1.20.1.x |
| gnu / groff | 1.14 | 1.14.x |
| gnu / groff | 1.17.2 | 1.17.2.x |
| gnu / groff | 1.10 | 1.10.x |
| gnu / groff | 1.17.1 | 1.17.1.x |
| gnu / groff | 1.11 | 1.11.x |
| gnu / groff | 1.15 | 1.15.x |