GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | n/a |