CVE-2016-9442 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A potential heap buffer corruption vulnerability has been discovered due to Strgrow. Note that w3m's allocator (boehmgc) preserves more space than the required size due to bucketing so the heap shouldn't be corrupted in practice.
Group Package Affected Fixed Severity Status Ticket
AVG-73 w3m 0.5.3.git20160413-1 0.5.3.git20161031-1 Critical Fixed
Date Advisory Group Package Severity Description
18 Nov 2016 ASA-201611-18 AVG-73 w3m Critical multiple issues
References
http://www.openwall.com/lists/oss-security/2016/11/18/3
https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29