CVE-2009-5078

Published: 6/30/2011 Last updated: 8/7/2024 Reserved: 6/30/2011

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

catala

Products affected (1)

Product	Vendor	Version
n/a	n/a	Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016

References (14)

http://openwall.com/lists/oss-security/2009/08/09/1
http://openwall.com/lists/oss-security/2009/08/10/2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338
http://www.securityfocus.com/bid/36381
ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031
http://openwall.com/lists/oss-security/2009/08/09/1
http://openwall.com/lists/oss-security/2009/08/10/2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338
http://www.securityfocus.com/bid/36381
ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
https://support.apple.com/kb/HT205031