AVG-73

Package w3m
Status Fixed
Severity Critical
Type multiple issues
Affected 0.5.3.git20160413-1
Fixed 0.5.3.git20161031-1
Current 0.5.3.git20180125-1 [extra]
Ticket None
Created Fri Nov 18 12:00:03 2016
Issue Severity Remote Type Description
CVE-2016-9442 Medium Yes Denial of service
A potential heap buffer corruption vulnerability has been discovered due to Strgrow. Note that w3m's allocator (boehmgc) preserves more space than the...
CVE-2016-9441 Medium Yes Denial of service
A null pointer dereference problem has been discovered in the do_refill() function triggered by a malformed table_alt tag leading to a segmentation fault...
CVE-2016-9440 Medium Yes Denial of service
A null pointer dereference problem has been discovered in the formUpdateBuffer() function leading to a segmentation fault resulting in an application crash.
CVE-2016-9439 Medium Yes Denial of service
An infinite recursion problem has been discovered when processing nested table and textarea elements leading to an application crash.
CVE-2016-9438 Medium Yes Denial of service
A null pointer dereference problem has been discovered while processing the input_alt tag leading to an application crash.
CVE-2016-9437 High Yes Arbitrary code execution
An out of bounds write access has been discovered when using invalid button element type properties like '<button type=radio>'.
CVE-2016-9436 High Yes Arbitrary code execution
Multiple issues have been discovered related to uninitialized values for <i> and <dd> HTML elements. A missing null string termination for the tagname...
CVE-2016-9435 High Yes Arbitrary code execution
Multiple issues have been discovered related to uninitialized values for <i> and <dd> HTML elements. A missing PUSH_ENV(HTML_DL) call is leading to a...
CVE-2016-9434 Critical Yes Arbitrary code execution
An out of bounds write vulnerability has been discovered while handling form_int fields. An incorrect form_int fid is not properly checked and leads to an...
CVE-2016-9433 Medium Yes Denial of service
An out of bounds read access has been discovered in the iso2022 parsing while calculating the WC_CCS_INDEX leading to an application crash resulting in...
CVE-2016-9432 High Yes Arbitrary code execution
A vulnerability has been discovered in formUpdateBuffer() duo to insufficient bounds validation leading to a negative sized bcopy() call getting converted...
CVE-2016-9431 Critical Yes Arbitrary code execution
A stack overflow vulnerability has been discovered in deleteFrameSet() on specially crafted input like a malformed HTML tag.
CVE-2016-9430 Medium Yes Denial of service
A problem has been discovered resulting in malformed input field type properties leading to an application crash.
CVE-2016-9429 High Yes Arbitrary code execution
An out of bounds write vulnerability has been discovered in formUpdateBuffer() duo to invalid length and position checks.
CVE-2016-9428 High Yes Arbitrary code execution
A heap buffer overflow vulnerability has been discovered in addMultirowsForm() duo to an invalid array access resulting in a write to lineBuf[-1].
CVE-2016-9426 Critical Yes Arbitrary code execution
A heap corruption vulnerability has been discovered due to an integer overflow in renderTable() leading to an unexpected write outside the tabwidth array boundaries.
CVE-2016-9425 High Yes Arbitrary code execution
A heap buffer overflow vulnerability has been discovered in addMultirowsForm() duo to an invalid array access resulting in a write to lineBuf[-1].
CVE-2016-9424 High Yes Arbitrary code execution
A heap out of bound write has been discovered due to a negative array index for selectnumber and textareanumber.
CVE-2016-9423 Critical Yes Arbitrary code execution
A stack overflow vulnerability has been discovered in deleteFrameSet() on specially crafted input like a malformed HTML tag.
CVE-2016-9422 High Yes Arbitrary code execution
A problem has been discovered when rowspan and colspan are not at least 1. If either one of them is zero and the other is larger than 1, HTT_X and HTT_Y...
Date Advisory Package Description
18 Nov 2016 ASA-201611-18 w3m multiple issues
References
http://www.openwall.com/lists/oss-security/2016/11/18/3