Format string vulnerability in the inputAnswer function in file.c in w3m prior to 0.5.2, when run with the dump or backend option, allows remote malicious users to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
w3m w3m 0.5.1 |