Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jgroff | jgroff | * |
| gnu | groff | 1.15 |
| gnu | groff | 1.10 |
| gnu | groff | 1.11 |
| gnu | groff | 1.14 |
| gnu | groff | 1.16.1 |
| gnu | groff | 1.11a |