CVE-2009-5078

6.5MEDIUM

Key Information:

Vendor: Gnu
Status: Groff
Vendor: CVE Published:; 30 June 2011

Summary

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.

References

http://openwall.com/lists/oss-security/2009/08/09/1

mailing-listx_refsource_MLIST

http://openwall.com/lists/oss-security/2009/08/10/2

mailing-listx_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 30, 2011
Vulnerability Reserved
Jun 30, 2011