• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GNU Troff (Groff) Insecure Temporary File Creation Vulnerabilities

GNU Troff (groff) is affected by multiple insecure temporary file creation vulnerabilities. These issues are due to a design error that causes the application to fail to verify the existence of a file before writing to it.

An attacker may leverage these issues to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.

GNU Troff (groff) 1.18 is reported vulnerable to these issues. Other versions are likely to be vulnerable as well. This BID will be updated when more information becomes available.