Every CVE whose affected-product data names Gnu Groff, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2000-0803 — CVSS 10.0 (critical): GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by…
CVE-2001-1022 — CVSS 7.5 (high): Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass…
CVE-2002-0003 — CVSS 7.5 (high): Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing…
CVE-2009-5078 — CVSS 6.5 (medium): contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows…
CVE-2009-5044 — CVSS 3.3 (low): contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a…
CVE-2009-5079 — CVSS 3.3 (low): The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow…
CVE-2009-5080 — CVSS 3.3 (low): The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff…
CVE-2009-5081 — CVSS 3.3 (low): The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and…
CVE-2009-5082 — CVSS 3.3 (low): The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create…
CVE-2004-0969 — CVSS 2.1 (low): The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other…