|Type||Arbitrary code execution|
A problem has been discovered when rowspan and colspan are not at least 1. If either one of them is zero and the other is larger than 1, HTT_X and HTT_Y attributes are not set correctly resulting in a wrong calculation of maxcol or maxrow (not including colspan/rowspan). This is leading to a potentially exploitable buffer overflow.
|18 Nov 2016||ASA-201611-18||AVG-73||w3m||Critical||multiple issues|