Vulnerability CVE-2016-9435: Information

Description

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.

Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-9435
Published: Jan. 20, 2017
Modified: Dec. 29, 2023
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
w3msisyphus0.5.3-alt3.git202005020.5.3-alt4.git20200502ALT-PU-2020-3081-1260133Fixed
w3mp100.5.3-alt3.git202005020.5.3-alt4.git20200502ALT-PU-2020-3081-1260133Fixed
w3mp90.5.3-alt3.git202005020.5.3-alt3.git20200502ALT-PU-2020-3099-2260134Fixed
w3mc10f10.5.3-alt3.git202005020.5.3-alt4.git20200502ALT-PU-2020-3081-1260133Fixed
w3mp110.5.3-alt3.git202005020.5.3-alt4.git20200502ALT-PU-2020-3081-1260133Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
GLSA-201701-08
  • Third Party Advisory
  • VDB Entry
https://github.com/tats/w3m/issues/16
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
  • Issue Tracking
  • Patch
  • Third Party Advisory
94407
  • Third Party Advisory
  • VDB Entry
[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities
  • Mailing List
  • Patch
  • Third Party Advisory
openSUSE-SU-2016:3121
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*
      cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*

      Configuration 2

      cpe:2.3:a:tats:w3m:*:*:*:*:*:*:*:*
      End including
      0.5.3\+git20160718
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top