CVE-2009-5044

CWE-59 CWE-37710 documents8 sources

Severity

3.3LOW

EPSS

0.1%

top 79.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X GNU Groff

Timeline

PublishedJun 24

Latest updateMay 3

Description

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages3 packages

▶Debiangroff< 1.20.1-5+3

▶NVDgnu/groff1.20.1+14

▶NVDapple/mac_os_x10.10.4

Patches

Patch: ftp.gnu.org ↗Patch: cvsweb.openwall.com ↗Patch: ftp.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-f2wq-wrc8-9j57: contrib/pdfmark/pdfroff↗2022-05-03

▶

OSV

CVE-2009-5044: contrib/pdfmark/pdfroff↗2011-06-24

▶

CVEList

CVE-2009-5044: contrib/pdfmark/pdfroff↗2011-06-24

▶

📋Vendor Advisories

Red Hat

groff: insecure temporary file handling in pdfroff↗2009-07-24

▶

Debian

CVE-2009-5044: groff - contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local use...↗2009

▶

Apple

CVE-2009-5044: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

💬Community

Bugzilla

CVE-2009-5044 groff: insecure temporary file handling in pdfroff [fedora-14]↗2011-05-31

▶

Bugzilla

CVE-2009-5044 groff: insecure temporary file handling in pdfroff↗2011-05-31

▶

Bugzilla

CVE-2009-5044 groff: insecure temporary file handling in pdfroff [fedora-15]↗2011-05-31

▶