Unrated severityNVD Advisory· Published Jul 26, 2001· Updated Apr 16, 2026

CVE-2001-1022

Description

Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

Affected products

GNU/Groff6 versions
cpe:2.3:a:gnu:groff:1.10:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:gnu:groff:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:groff:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:groff:1.11a:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:groff:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:groff:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:groff:1.16.1:*:*:*:*:*:*:*
Jgroff/Jgroff
cpe:2.3:a:jgroff:jgroff:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2001/dsa-072nvdPatchVendor Advisory
www.securityfocus.com/archive/1/199706nvdPatch
www.securityfocus.com/bid/3103nvdExploitPatch
distro.conectiva.com.br/atualizacoes/nvd
www.debian.org/security/2002/dsa-107nvd
www.osvdb.org/1914nvd
www.redhat.com/support/errata/RHSA-2002-004.htmlnvd
exchange.xforce.ibmcloud.com/vulnerabilities/6918nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.017
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000