Vulnerability CVE-2016-9426: Information

Description

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page.

Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-9426
Published: Dec. 12, 2016
Modified: Dec. 29, 2023
Error type identifier: CWE-190

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
w3msisyphus0.5.3-alt3.git202005020.5.3-alt4.git20200502ALT-PU-2020-3081-1260133Fixed
w3mp100.5.3-alt3.git202005020.5.3-alt4.git20200502ALT-PU-2020-3081-1260133Fixed
w3mp90.5.3-alt3.git202005020.5.3-alt3.git20200502ALT-PU-2020-3099-2260134Fixed
w3mc10f10.5.3-alt3.git202005020.5.3-alt4.git20200502ALT-PU-2020-3081-1260133Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
[oss-security] 20161118 Re: CVE request: w3m - multiple vulnerabilities
  • Mailing List
  • Third Party Advisory
https://github.com/tats/w3m/issues/25
  • Issue Tracking
  • Patch
https://github.com/tats/w3m/blob/master/ChangeLog
  • Issue Tracking
  • Patch
94407
    GLSA-201701-08

        1. Configuration 1

          cpe:2.3:a:tats:w3m:*:*:*:*:*:*:*:*
          End including
          0.5.3-30
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.4.2
      Back to top