GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
CVSS Score
10.0
EPSS Score
0.008
Published
2000-12-19
Page 2