CVE-2004-0969
CVE-2004-0969 is a low-severity vulnerability in Gnu Groff with a CVSS 2.0 base score of 2.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Low (CVSS 2.0 base score 2.1)
- EPSS exploit prediction: 0% (30th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Gnu Groff
- Published:
- Last modified:
Description
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Frequently asked questions
- What is CVE-2004-0969?
- The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
- How severe is CVE-2004-0969?
- CVE-2004-0969 has a CVSS 2.0 base score of 2.1, rated low severity.
- Is CVE-2004-0969 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (30th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2004-0969?
- CVE-2004-0969 primarily affects Gnu Groff. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2004-0969?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2004-0969 published?
- CVE-2004-0969 was published on 2005-02-09 and last updated on 2026-06-16.
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313
- http://secunia.com/advisories/18764
- http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml
- http://www.securityfocus.com/bid/11287
- http://www.trustix.org/errata/2004/0050
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Affected products (4)
- cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
- cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
More vulnerabilities in Gnu Groff
- CVE-2000-0803 — Critical (CVSS 10.0): GNU Groff uses the current working directory to find a device description file, which allows a local user to gain…
- CVE-2002-0003 — High (CVSS 7.5): Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the…
- CVE-2001-1022 — High (CVSS 7.5): Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote…
- CVE-2009-5078 — Medium (CVSS 6.5): contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER…
- CVE-2009-5082 — Low (CVSS 3.3): The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl)…
- CVE-2009-5081 — Low (CVSS 3.3): The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff…