Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff prior to 1.15, allows remote malicious users to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu groff 1.14 |
||
gnu groff 1.15 |
||
gnu groff 1.16.1 |
||
jgroff jgroff |
||
gnu groff 1.11 |
||
gnu groff 1.11a |
||
gnu groff 1.10 |