w3m

Description Text-based Web browser as well as pager
Version 0.5.3.git20230713_1-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-73 0.5.3.git20160413-1 0.5.3.git20161031-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2016-9442 AVG-73 Medium Yes Denial of service
A potential heap buffer corruption vulnerability has been discovered due to Strgrow. Note that w3m's allocator (boehmgc) preserves more space than the...
CVE-2016-9441 AVG-73 Medium Yes Denial of service
A null pointer dereference problem has been discovered in the do_refill() function triggered by a malformed table_alt tag leading to a segmentation fault...
CVE-2016-9440 AVG-73 Medium Yes Denial of service
A null pointer dereference problem has been discovered in the formUpdateBuffer() function leading to a segmentation fault resulting in an application crash.
CVE-2016-9439 AVG-73 Medium Yes Denial of service
An infinite recursion problem has been discovered when processing nested table and textarea elements leading to an application crash.
CVE-2016-9438 AVG-73 Medium Yes Denial of service
A null pointer dereference problem has been discovered while processing the input_alt tag leading to an application crash.
CVE-2016-9437 AVG-73 High Yes Arbitrary code execution
An out of bounds write access has been discovered when using invalid button element type properties like '<button type=radio>'.
CVE-2016-9436 AVG-73 High Yes Arbitrary code execution
Multiple issues have been discovered related to uninitialized values for <i> and <dd> HTML elements. A missing null string termination for the tagname...
CVE-2016-9435 AVG-73 High Yes Arbitrary code execution
Multiple issues have been discovered related to uninitialized values for <i> and <dd> HTML elements. A missing PUSH_ENV(HTML_DL) call is leading to a...
CVE-2016-9434 AVG-73 Critical Yes Arbitrary code execution
An out of bounds write vulnerability has been discovered while handling form_int fields. An incorrect form_int fid is not properly checked and leads to an...
CVE-2016-9433 AVG-73 Medium Yes Denial of service
An out of bounds read access has been discovered in the iso2022 parsing while calculating the WC_CCS_INDEX leading to an application crash resulting in...
CVE-2016-9432 AVG-73 High Yes Arbitrary code execution
A vulnerability has been discovered in formUpdateBuffer() due to insufficient bounds validation leading to a negative sized bcopy() call getting converted...
CVE-2016-9431 AVG-73 Critical Yes Arbitrary code execution
A stack overflow vulnerability has been discovered in deleteFrameSet() on specially crafted input like a malformed HTML tag.
CVE-2016-9430 AVG-73 Medium Yes Denial of service
A problem has been discovered resulting in malformed input field type properties leading to an application crash.
CVE-2016-9429 AVG-73 High Yes Arbitrary code execution
An out of bounds write vulnerability has been discovered in formUpdateBuffer() due to invalid length and position checks.
CVE-2016-9428 AVG-73 High Yes Arbitrary code execution
A heap buffer overflow vulnerability has been discovered in addMultirowsForm() due to an invalid array access resulting in a write to lineBuf[-1].
CVE-2016-9426 AVG-73 Critical Yes Arbitrary code execution
A heap corruption vulnerability has been discovered due to an integer overflow in renderTable() leading to an unexpected write outside the tabwidth array boundaries.
CVE-2016-9425 AVG-73 High Yes Arbitrary code execution
A heap buffer overflow vulnerability has been discovered in addMultirowsForm() due to an invalid array access resulting in a write to lineBuf[-1].
CVE-2016-9424 AVG-73 High Yes Arbitrary code execution
A heap out of bound write has been discovered due to a negative array index for selectnumber and textareanumber.
CVE-2016-9423 AVG-73 Critical Yes Arbitrary code execution
A stack overflow vulnerability has been discovered in deleteFrameSet() on specially crafted input like a malformed HTML tag.
CVE-2016-9422 AVG-73 High Yes Arbitrary code execution
A problem has been discovered when rowspan and colspan are not at least 1. If either one of them is zero and the other is larger than 1, HTT_X and HTT_Y...

Advisories

Date Advisory Group Severity Type
18 Nov 2016 ASA-201611-18 AVG-73 Critical multiple issues