Published: 12/12/2016 Updated: 29/12/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

An issue exists in the Tatsuya Kinoshita w3m fork prior to 0.5.3-31. w3m allows remote malicious users to cause memory corruption in certain conditions via a crafted HTML page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tats w3m

Debian Bug report logs - #844726 w3m: CVE-2016-9439: stack overflow Package: src:w3m; Maintainer for src:w3m is Tatsuya Kinoshita <tats@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 18 Nov 2016 13:39:01 UTC Severity: normal Tags: patch, security, upstream Found in version w3m/053-8 ...

Several security issues were fixed in w3m ...

An issue was discovered in the Tatsuya Kinoshita w3m fork before 053-31 w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page ...

A potential heap buffer corruption vulnerability has been discovered due to Strgrow Note that w3m's allocator (boehmgc) preserves more space than the required size due to bucketing so the heap shouldn't be corrupted in practice ...

CWE-119 http://www.openwall.com/lists/oss-security/2016/11/18/3 https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29 https://github.com/tats/w3m/blob/master/ChangeLog http://www.securityfocus.com/bid/94407 https://security.gentoo.org/glsa/201701-08 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844726 https://usn.ubuntu.com/3214-1/https://nvd.nist.gov

CVE-2016-9442

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect