Log

CVE-2016-9426 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A heap corruption vulnerability has been discovered due to an integer overflow in renderTable() leading to an unexpected write outside the tabwidth array boundaries.
References
+ https://github.com/tats/w3m/issues/25
Notes
CVE-2016-9428 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A heap buffer overflow vulnerability has been discovered in addMultirowsForm() duo to an invalid array access resulting in a write to lineBuf[-1].
References
+ https://github.com/tats/w3m/issues/26
Notes
CVE-2016-9429 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An out of bounds write vulnerability has been discovered in formUpdateBuffer() duo to invalid length and position checks.
References
+ https://github.com/tats/w3m/issues/29
Notes
CVE-2016-9430 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ A problem has been discovered resulting in malformed input field type properties leading to an application crash.
References
+ https://github.com/tats/w3m/issues/7
Notes
CVE-2016-9431 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A stack overflow vulnerability has been discovered in deleteFrameSet() on specially crafted input like a malformed HTML tag.
References
+ https://github.com/tats/w3m/issues/10
Notes
CVE-2016-9432 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ A vulnerability has been discovered in formUpdateBuffer() duo to insufficient bounds validation leading to a negative sized bcopy() call getting converted to an unexpectedly large value.
References
+ https://github.com/tats/w3m/issues/13
+ http://www.openwall.com/lists/oss-security/2016/11/18/3
Notes
CVE-2016-9433 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Denial of service
Description
+ An out of bounds read access has been discovered in the iso2022 parsing while calculating the WC_CCS_INDEX leading to an application crash resulting in denial of service.
References
+ http://www.openwall.com/lists/oss-security/2016/11/18/3
+ https://github.com/tats/w3m/issues/14
Notes
CVE-2016-9434 created at 25 Sep 2019 19:31:40
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ An out of bounds write vulnerability has been discovered while handling form_int fields. An incorrect form_int fid is not properly checked and leads to an out of bounds write in forms[form_id]->next.
References
+ https://github.com/tats/w3m/issues/15
+ http://www.openwall.com/lists/oss-security/2016/11/18/3
Notes
CVE-2016-9435 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Multiple issues have been discovered related to uninitialized values for <i> and <dd> HTML elements. A missing PUSH_ENV(HTML_DL) call is leading to a conditional jump or move depending on an uninitialized value resulting in a stack overflow vulnerability.
References
+ https://github.com/tats/w3m/issues/16
+ http://www.openwall.com/lists/oss-security/2016/11/18/3
Notes
CVE-2016-9436 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ Multiple issues have been discovered related to uninitialized values for <i> and <dd> HTML elements. A missing null string termination for the tagname variable in parsetagx.c is leading to an out of bounds access.
References
+ https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
+ http://www.openwall.com/lists/oss-security/2016/11/18/3
Notes