{"vuid":"VU#399883","idnumber":"399883","name":"Linux groff utility pic contains format string vulnerability","keywords":["Linux","pic","format string","remote access","groff","lpd"],"overview":"The pic component of the image processing package groff contains a format string vulnerability that could allow a remote attacker to execute arbitrary code.","clean_desc":"groff is an image processing package on Linux systems. A component of groff called pic contains a format-string vulnerability that can be exploited to execute arbitrary code. Since groff and pic are used by lpd to render documents for printing, an attacker can craft a printer spool file to execute arbitrary code on an lpd print server.","impact":"Remote attackers can cause execution of arbitrary code.","resolution":"Apply a patch or upgrade Apply a patch or upgrade as appropriate. See the Systems Affected section for more details.","workarounds":"","sysaffected":"","thanks":"Thanks to zen-parse for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum and Art Manion.","public":["h","t","t","p",":","/","/","w","w","w",".","s","e","c","u","r","i","t","y","f","o","c","u","s",".","c","o","m","/","b","i","d","/","3","1","0","3"],"cveids":["CVE-2001-1022"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-07-27T16:41:23Z","publicdate":"2001-07-26T00:00:00Z","datefirstpublished":"2003-10-27T18:16:05Z","dateupdated":"2003-10-28T17:18:19Z","revision":13,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"11","cam_impact":"17","cam_easeofexploitation":"11","cam_attackeraccessrequired":"14","cam_scorecurrent":"10.79925","cam_scorecurrentwidelyknown":"13.4990625","cam_scorecurrentwidelyknownexploited":"24.2983125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.79925,"vulnote":null}