Format String Vulnerability in Groff Utility by GNU
CVE-2001-1022

Currently unrated

Key Information:

Vendor

Gnu
Status
Groff
Jgroff
Vendor
CVE Published:
26 July 2001

What is CVE-2001-1022?

A format string vulnerability exists in the pic utility within the groff software, allowing remote attackers to bypass the -S option. This flaw could lead to arbitrary command execution via crafted format string specifiers in the plot command, posing significant security threats to systems running vulnerable versions of groff. Users are encouraged to review security advisories and update their software to mitigate risks associated with this vulnerability.

References

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...
vendor-advisoryx_refsource_CONECTIVA
http://www.debian.org/security/2002/dsa-107
vendor-advisoryx_refsource_DEBIAN
https://exchange.xforce.ibmcloud.com/vulnerabilities/6918
vdb-entryx_refsource_XF

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.
CVE-2001-1022 : Format String Vulnerability in Groff Utility by GNU