CVE 2004-1296

The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

Related bugs and status

CVE-2004-1296 (Candidate) is related to these bugs:

Bug #11319: pic2graph: Vulnerable to symlink attack through temporary file

Summary				In	Importance	Status
	11319	pic2graph: Vulnerable to symlink attack through temporary file		groff (Ubuntu)	High	Fix Released
	11319	pic2graph: Vulnerable to symlink attack through temporary file		groff (Debian)	Unknown	Fix Released

Bug #11320: eqn2graph: Vulnerable to symlink attack through temporary file

Summary				In	Importance	Status
	11320	eqn2graph: Vulnerable to symlink attack through temporary file		groff (Ubuntu)	High	Fix Released
	11320	eqn2graph: Vulnerable to symlink attack through temporary file		groff (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.