tats/w3m

GitHub

github.com

tracker.debian.org

Releases141

Frequency1 month 3 weeks

Last Release over 3 years ago

Stars1.06K

Debian's w3m: WWW browsable pager

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-4255 ↗	Dec 21, 2023Thursday, 21 December 2023, 16:15	5.5 MEDIUM	—
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.
CVE-2023-38253 ↗	Jul 14, 2023Friday, 14 July 2023, 18:15	4.7 MEDIUM	—
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
CVE-2023-38252 ↗	Jul 14, 2023Friday, 14 July 2023, 18:15	4.7 MEDIUM	—
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
CVE-2022-38223 ↗	Aug 15, 2022Monday, 15 August 2022, 11:21	7.8 HIGH	—
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
CVE-2018-6198 ↗	Jan 25, 2018Thursday, 25 January 2018, 03:29	—	3.3 LOW
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
CVE-2018-6197 ↗	Jan 25, 2018Thursday, 25 January 2018, 03:29	—	5 MEDIUM
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
CVE-2018-6196 ↗	Jan 25, 2018Thursday, 25 January 2018, 03:29	—	5 MEDIUM
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.
CVE-2016-9435 ↗	Jan 20, 2017Friday, 20 January 2017, 15:59	—	4.3 MEDIUM
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
CVE-2016-9436 ↗	Jan 20, 2017Friday, 20 January 2017, 15:59	—	4.3 MEDIUM
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
CVE-2016-9633 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.
CVE-2016-9632 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
CVE-2016-9631 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9630 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
CVE-2016-9629 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9628 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9627 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.
CVE-2016-9626 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
CVE-2016-9625 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
CVE-2016-9624 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9623 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9622 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9443 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9442 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page.
CVE-2016-9441 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9440 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9439 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
CVE-2016-9438 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9437 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page.
CVE-2016-9434 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9433 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page.
CVE-2016-9432 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HTML page.
CVE-2016-9431 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
CVE-2016-9430 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	4.3 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
CVE-2016-9429 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	6.8 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
CVE-2016-9428 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	8.8 HIGH	6.8 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
CVE-2016-9426 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	6.8 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page.
CVE-2016-9425 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	6.8 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
CVE-2016-9424 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	6.8 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page.
CVE-2016-9423 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	6.8 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
CVE-2016-9422 ↗	Dec 12, 2016Monday, 12 December 2016, 02:59	—	6.8 MEDIUM
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.