GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | <= <= 3.0.0 |
| n/a | n/a | < 2025.1 |