CVE-2009-5078

CWE-2549 documents8 sources

Severity

6.5MEDIUM

EPSS

1.3%

top 20.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X GNU Groff

Timeline

PublishedJun 30

Latest updateMay 3

Description

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages3 packages

▶Debiangroff< 1.20.1-5+3

▶NVDgnu/groff1.20.1+14

▶NVDapple/mac_os_x10.10.4

Patches

Patch: ftp.gnu.org ↗Patch: ftp.gnu.org ↗

🔴Vulnerability Details

GHSA

GHSA-pg77-m46r-9ph2: contrib/pdfmark/pdfroff↗2022-05-03

▶

OSV

CVE-2009-5078: contrib/pdfmark/pdfroff↗2011-06-30

▶

CVEList

CVE-2009-5078: contrib/pdfmark/pdfroff↗2011-06-30

▶

📋Vendor Advisories

Red Hat

groff: pdfroff.sh launches Ghostscript without -dSAFER↗2009-07-24

▶

Debian

CVE-2009-5078: groff - contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Gho...↗2009

▶

Apple

CVE-2009-5078: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

💬Community

Bugzilla

CVE-2009-5078 groff: pdfroff.sh launches Ghostscript without -dSAFER↗2011-07-08

▶

Bugzilla

CVE-2009-5078 groff: pdfroff.sh launches Ghostscript without -dSAFER [fedora-14]↗2011-07-08

▶