UBUNTU-CVE-2009-5080

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2009-5080

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-5080.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2009-5080

Upstream

CVE-2009-5080

Published

2011-06-30T15:55:00Z

Modified

2025-10-24T04:44:51Z

Severity

Ubuntu - low

Summary

[none]

Details

The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.

References

Affected packages

Ubuntu:14.04:LTS / groff

Package

Name: groff
Purl: pkg:deb/ubuntu/groff@1.22.2-5?arch=source&distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22.2-3

1.22.2-4

1.22.2-5

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.22.2-5",
            "binary_name": "groff"
        },
        {
            "binary_version": "1.22.2-5",
            "binary_name": "groff-base"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-5080.json"

Ubuntu:16.04:LTS / groff

Package

Name: groff
Purl: pkg:deb/ubuntu/groff@1.22.3-7?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22.3-1

1.22.3-2

1.22.3-4

1.22.3-5

1.22.3-6

1.22.3-7

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.22.3-7",
            "binary_name": "groff"
        },
        {
            "binary_version": "1.22.3-7",
            "binary_name": "groff-base"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-5080.json"

Ubuntu:18.04:LTS / groff

Package

Name: groff
Purl: pkg:deb/ubuntu/groff@1.22.3-10?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.22.3-9

1.22.3-10

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "1.22.3-10",
            "binary_name": "groff"
        },
        {
            "binary_version": "1.22.3-10",
            "binary_name": "groff-base"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2009/UBUNTU-CVE-2009-5080.json"