Detections
Analytics

CVE-2009-5078

medium

Description

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.

References

https://support.apple.com/kb/HT205031

http://www.securityfocus.com/bid/36381

http://openwall.com/lists/oss-security/2009/08/10/2

http://openwall.com/lists/oss-security/2009/08/09/1

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338

Details

Source: Mitre, NVD

Published: 2011-06-30

Updated: 2016-03-30

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Severity: Medium