| CVE-2016-9442 | AVG-73 | Medium | Yes | Denial of service | A potential heap buffer corruption vulnerability has been discovered due to Strgrow. Note that w3m's allocator (boehmgc) preserves more space than the... |
| CVE-2016-9441 | AVG-73 | Medium | Yes | Denial of service | A null pointer dereference problem has been discovered in the do_refill() function triggered by a malformed table_alt tag leading to a segmentation fault... |
| CVE-2016-9440 | AVG-73 | Medium | Yes | Denial of service | A null pointer dereference problem has been discovered in the formUpdateBuffer() function leading to a segmentation fault resulting in an application crash. |
| CVE-2016-9439 | AVG-73 | Medium | Yes | Denial of service | An infinite recursion problem has been discovered when processing nested table and textarea elements leading to an application crash. |
| CVE-2016-9438 | AVG-73 | Medium | Yes | Denial of service | A null pointer dereference problem has been discovered while processing the input_alt tag leading to an application crash. |
| CVE-2016-9437 | AVG-73 | High | Yes | Arbitrary code execution | An out of bounds write access has been discovered when using invalid button element type properties like '<button type=radio>'. |
| CVE-2016-9436 | AVG-73 | High | Yes | Arbitrary code execution | Multiple issues have been discovered related to uninitialized values for <i> and <dd> HTML elements. A missing null string termination for the tagname... |
| CVE-2016-9435 | AVG-73 | High | Yes | Arbitrary code execution | Multiple issues have been discovered related to uninitialized values for <i> and <dd> HTML elements. A missing PUSH_ENV(HTML_DL) call is leading to a... |
| CVE-2016-9434 | AVG-73 | Critical | Yes | Arbitrary code execution | An out of bounds write vulnerability has been discovered while handling form_int fields. An incorrect form_int fid is not properly checked and leads to an... |
| CVE-2016-9433 | AVG-73 | Medium | Yes | Denial of service | An out of bounds read access has been discovered in the iso2022 parsing while calculating the WC_CCS_INDEX leading to an application crash resulting in... |
| CVE-2016-9432 | AVG-73 | High | Yes | Arbitrary code execution | A vulnerability has been discovered in formUpdateBuffer() due to insufficient bounds validation leading to a negative sized bcopy() call getting converted... |
| CVE-2016-9431 | AVG-73 | Critical | Yes | Arbitrary code execution | A stack overflow vulnerability has been discovered in deleteFrameSet() on specially crafted input like a malformed HTML tag. |
| CVE-2016-9430 | AVG-73 | Medium | Yes | Denial of service | A problem has been discovered resulting in malformed input field type properties leading to an application crash. |
| CVE-2016-9429 | AVG-73 | High | Yes | Arbitrary code execution | An out of bounds write vulnerability has been discovered in formUpdateBuffer() due to invalid length and position checks. |
| CVE-2016-9428 | AVG-73 | High | Yes | Arbitrary code execution | A heap buffer overflow vulnerability has been discovered in addMultirowsForm() due to an invalid array access resulting in a write to lineBuf[-1]. |
| CVE-2016-9426 | AVG-73 | Critical | Yes | Arbitrary code execution | A heap corruption vulnerability has been discovered due to an integer overflow in renderTable() leading to an unexpected write outside the tabwidth array boundaries. |
| CVE-2016-9425 | AVG-73 | High | Yes | Arbitrary code execution | A heap buffer overflow vulnerability has been discovered in addMultirowsForm() due to an invalid array access resulting in a write to lineBuf[-1]. |
| CVE-2016-9424 | AVG-73 | High | Yes | Arbitrary code execution | A heap out of bounds write has been discovered due to a negative array index for selectnumber and textareanumber. |
| CVE-2016-9423 | AVG-73 | Critical | Yes | Arbitrary code execution | A stack overflow vulnerability has been discovered in deleteFrameSet() on specially crafted input like a malformed HTML tag. |
| CVE-2016-9422 | AVG-73 | High | Yes | Arbitrary code execution | A problem has been discovered when rowspan and colspan are not at least 1. If either one of them is zero and the other is larger than 1, HTT_X and HTT_Y... |