Debian W3M vulnerabilities

44 known vulnerabilities affecting debian/w3m.

Total CVEs: 44
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 8, MEDIUM 29, LOW 7

Vulnerabilities

Page 1 of 3
CVE-2023-4255 | MEDIUM | CVSS 5.5 | fixed in w3m 0.5.3+git20230121-2.1 (forky) | 2023
[MEDIUM] w3m: An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. Scope: local; bookworm: open; bulls
debian
CVE-2023-38252 | LOW | CVSS 4.7 | 2023
[MEDIUM] w3m: An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2023-38253 | LOW | CVSS 4.7 | 2023
[MEDIUM] w3m: An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2022-38223 | HIGH | CVSS 7.8 | fixed in w3m 0.5.3+git20230121-1 (bookworm) | 2022
[HIGH] w3m: There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. Scope: local; bookworm: resolved (fixed in 0.5.3+git20230121-1); bullseye: resolved (fixed in 0.5.3+git20210102-6+deb11u1); forky: resolv
debian
CVE-2018-6197 | LOW | CVSS 7.5 | fixed in w3m 0.5.3-36 (bookworm) | 2018
[HIGH] w3m: w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. Scope: local; bookworm: resolved (fixed in 0.5.3-36); bullseye: resolved (fixed in 0.5.3-36); forky: resolved (fixed in 0.5.3-36); sid: resolved (fixed in 0.5.3-36); trixie: resolved (fixed in 0.5.3-36)
debian
CVE-2018-6196 | LOW | CVSS 7.5 | fixed in w3m 0.5.3-36 (bookworm) | 2018
[HIGH] w3m: w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. Scope: local; bookworm: resolved (fixed in 0.5.3-36); bullseye: resolved (fixed in 0.5.3-36); forky: resolved (fixed in 0.5.3-36); sid: resolved (fixed in 0.5.3-36); trixie: resolved (fixed in 0.5.3-36)
debian
CVE-2018-6198 | LOW | CVSS 4.7 | fixed in w3m 0.5.3-36 (bookworm) | 2018
[MEDIUM] w3m: w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. Scope: local; bookworm: resolved (fixed in 0.5.3-36); bullseye: resolved (fixed in 0.5.3-36); forky: resolved (fixed in 0.5.3-36); sid: resolved (fixed in 0.5.3-36); trixie: resolved (fixed i
debian
CVE-2016-9422 | HIGH | CVSS 8.8 | fixed in w3m 0.5.3-30 (bookworm) | 2016
[HIGH] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-30); bulls
debian
CVE-2016-9425 | HIGH | CVSS 8.8 | fixed in w3m 0.5.3-30 (bookworm) | 2016
[HIGH] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-30); bullseye: resolved (fixed in 0.5.3-30); forky: resolved (fi
debian
CVE-2016-9429 | HIGH | CVSS 8.8 | fixed in w3m 0.5.3-30 (bookworm) | 2016
[HIGH] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-30); bullseye: resolved (fixed in 0.5.3-30); forky: resolved (fixed in 0.5.
debian
CVE-2016-9423 | HIGH | CVSS 8.8 | fixed in w3m 0.5.3-30 (bookworm) | 2016
[HIGH] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-30); bullseye: resolved (fixed in 0.5.3-30); forky: resolved (fixed in 0.5.3-30); sid: resolved (f
debian
CVE-2016-9424 | HIGH | CVSS 8.8 | fixed in w3m 0.5.3-30 (bookworm) | 2016
[HIGH] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-30); bullseye: resolved (fixed in 0.5.3-30); f
debian
CVE-2016-9426 | HIGH | CVSS 8.8 | fixed in w3m 0.5.3-30 (bookworm) | 2016
[HIGH] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-30); bullseye: resolved (fixed
debian
CVE-2016-9428 | HIGH | CVSS 8.8 | fixed in w3m 0.5.3-30 (bookworm) | 2016
[HIGH] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-30); bullseye: resolved (fixed in 0.5.3-30); forky: resolved (fi
debian
CVE-2016-9433 | MEDIUM | CVSS 6.5 | fixed in w3m 0.5.3-30 (bookworm) | 2016
[MEDIUM] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-30); bullseye: resolved (fixed in 0.5.3-30); forky: resolved (fixed in 0.5.3-30); sid: resolved (fixed in 0.5.3-30); trixie: resolved (fixed i
debian
CVE-2016-9439 | MEDIUM | CVSS 6.5 | fixed in w3m 0.5.3-33 (bookworm) | 2016
[MEDIUM] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-33); bullseye: resolved (fixed in 0.5.3-33); forky: resolved (fixed in 0.5.3-33); sid: resolved (fixed in 0.5.3-33); trixie: resolved (
debian
CVE-2016-9437 | MEDIUM | CVSS 6.5 | fixed in w3m 0.5.3-30 (bookworm) | 2016
[MEDIUM] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-30); bullseye: resolved (fixed in 0.5.3-30); forky: resolved (fixed in 0.5.3-30); sid: resolved (fixed in 0.
debian
CVE-2016-9633 | MEDIUM | CVSS 6.5 | fixed in w3m 0.5.3-33 (bookworm) | 2016
[MEDIUM] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-33); bullseye: resolved (fixed in 0.5.3-33); forky: resolved (fixed in 0.5.3-33); sid: resolved (fixed in 0.5.3-33); trixie: resol
debian
CVE-2016-9440 | MEDIUM | CVSS 6.5 | fixed in w3m 0.5.3-30 (bookworm) | 2016
[MEDIUM] w3m: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. Scope: local; bookworm: resolved (fixed in 0.5.3-30); bullseye: resolved (fixed in 0.5.3-30); forky: resolved (fixed in 0.5.3-30); sid: resolved (fixed in 0.5.3-30); trixie: resolved (fixed
debian
CVE-2016-9436 | MEDIUM | CVSS 6.5 | fixed in w3m 0.5.3-30 (bookworm) | 2016
[MEDIUM] w3m: parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag. Scope: local; bookworm: resolved (fixed in 0.5.3-30); bullseye: resolved (fixed in 0.5.3-30); forky: resolved (fixed in 0.5.3-30); sid: resolved (fixed in 0.5.3-30); trixie: resolved (fixed in 0.5.3
debian