CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile: 87.6%
Severity: Critical
Date : 2016-11-18
CVE-ID : CVE-2016-9422 CVE-2016-9423 CVE-2016-9424 CVE-2016-9425
CVE-2016-9426 CVE-2016-9428 CVE-2016-9429 CVE-2016-9430
CVE-2016-9431 CVE-2016-9432 CVE-2016-9433 CVE-2016-9434
CVE-2016-9435 CVE-2016-9436 CVE-2016-9437 CVE-2016-9438
CVE-2016-9439 CVE-2016-9440 CVE-2016-9441 CVE-2016-9442
Package : w3m
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package w3m before version 0.5.3.git20161031-1 is vulnerable to
multiple issues including arbitrary code execution and denial of
service.
Upgrade to 0.5.3.git20161031-1.
The problems have been fixed upstream in version 0.5.3.git20161031.
Workaround : None.
A problem has been discovered when rowspan and colspan are not at least
A stack overflow vulnerability has been discovered in deleteFrameSet()
on specially crafted input like a malformed HTML tag.
A heap out of bound write has been discovered due to a negative array
index for selectnumber and textareanumber.
A heap buffer overflow vulnerability has been discovered in
addMultirowsForm() due to an invalid array access resulting in a write
to lineBuf[-1].
A heap corruption vulnerability has been discovered due to an integer
overflow in renderTable() leading to an unexpected write outside the
tabwidth array boundaries.
A heap buffer overflow vulnerability has been discovered in
addMultirowsForm() due to an invalid array access resulting in a write
to lineBuf[-1].
An out of bounds write vulnerability has been discovered in
formUpdateBuffer() due to invalid length and position checks.
A problem has been discovered resulting in malformed input field type
properties leading to an application crash.
A stack overflow vulnerability has been discovered in deleteFrameSet()
on specially crafted input like a malformed HTML tag.
A vulnerability has been discovered in formUpdateBuffer() due to
insufficient bounds validation leading to a negative sized bcopy() call
getting converted to an unexpectedly large value.
An out of bounds read access has been discovered in the iso2022 parsing
while calculating the WC_CCS_INDEX leading to an application crash
resulting in denial of service.
An out of bounds write vulnerability has been discovered while handling
form_int fields. An incorrect form_int fid is not properly checked and
leads to an out of bounds write in forms[form_id]->next.
Multiple issues have been discovered related to uninitialized values
for <i> and <dd> HTML elements. A missing PUSH_ENV(HTML_DL) call is
leading to a conditional jump or move depending on an uninitialized
value resulting in a stack overflow vulnerability.
Multiple issues have been discovered related to uninitialized values
for <i> and <dd> HTML elements. A missing null string termination for
the tagname variable in parsetagx.c is leading to an out of bounds
access.
An out of bounds write access has been discovered when using invalid
button element type properties like ‘<button type=radio>’.
A null pointer dereference problem has been discovered while processing
the input_alt tag leading to an application crash.
An infinite recursion problem has been discovered when processing
nested table and textarea elements leading to an application crash.
A null pointer dereference problem has been discovered in the
formUpdateBuffer() function leading to a segmentation fault resulting
in an application crash.
A null pointer dereference problem has been discovered in the
do_refill() function triggered by a malformed table_alt tag leading to
a segmentation fault resulting in an application crash.
A potential heap buffer corruption vulnerability has been discovered
due to Strgrow. Note that w3m’s allocator (boehmgc) preserves more
space than the required size due to bucketing so the heap shouldn’t be
corrupted in practice.
A remote attacker is able to execute arbitrary code or crash the
application via various vectors.
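The negative array index and negative-sized bcopy() issues described above share one root cause: a signed position or length reaches a memory operation unchecked. The following is an added illustration of that bug class and the bounds checks that prevent it, not code from w3m or its fixes; the function names length_seen_by_copy and checked_field_copy and the sample input are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What a copy routine actually receives when handed a negative int length:
 * the value is converted to size_t and wraps to a huge unsigned number. */
static size_t length_seen_by_copy(int len)
{
    return (size_t)len;
}

/* Hypothetical hardened helper (not w3m code): copy len bytes from
 * src[pos..] into dst, rejecting every signed value that would index
 * before the buffer or run past either end. Returns 0 on success, -1 if
 * the request is rejected. */
static int checked_field_copy(char *dst, size_t dst_cap,
                              const char *src, size_t src_len,
                              int pos, int len)
{
    if (dst == NULL || src == NULL)
        return -1;                      /* null pointer dereference class */
    if (pos < 0 || len < 0)
        return -1;                      /* buf[-1] and negative-size copy */
    if ((size_t)pos > src_len || (size_t)len > src_len - (size_t)pos)
        return -1;                      /* read past end of source */
    if ((size_t)len >= dst_cap)
        return -1;                      /* no room for data plus NUL */
    memmove(dst, src + pos, (size_t)len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    const char line[] = "name=value";   /* constructed sample input */
    size_t n = strlen(line);
    char out[8];

    printf("len -1 as size_t: %zu\n", length_seen_by_copy(-1));
    printf("valid copy:   %d\n", checked_field_copy(out, sizeof out, line, n, 5, 5));
    printf("negative len: %d\n", checked_field_copy(out, sizeof out, line, n, 5, -1));
    printf("negative pos: %d\n", checked_field_copy(out, sizeof out, line, n, -1, 3));
    printf("past the end: %d\n", checked_field_copy(out, sizeof out, line, n, 8, 5));
    return 0;
}
```

The order of the checks matters: the sign tests run before any cast to size_t, and the range test is written as a subtraction so it cannot itself overflow.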
http://www.openwall.com/lists/oss-security/2016/11/18/3
https://github.com/tats/w3m/issues/8
https://github.com/tats/w3m/issues/9
https://github.com/tats/w3m/issues/12
https://github.com/tats/w3m/issues/21
https://github.com/tats/w3m/issues/25
https://github.com/tats/w3m/issues/26
https://github.com/tats/w3m/issues/29
https://github.com/tats/w3m/issues/7
https://github.com/tats/w3m/issues/10
https://github.com/tats/w3m/issues/13
https://github.com/tats/w3m/issues/14
https://github.com/tats/w3m/issues/15
https://github.com/tats/w3m/issues/16
https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
https://github.com/tats/w3m/issues/17
https://github.com/tats/w3m/issues/18
https://github.com/tats/w3m/issues/20
https://github.com/tats/w3m/issues/22
https://github.com/tats/w3m/issues/24
https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29
https://access.redhat.com/security/cve/CVE-2016-9422
https://access.redhat.com/security/cve/CVE-2016-9423
https://access.redhat.com/security/cve/CVE-2016-9424
https://access.redhat.com/security/cve/CVE-2016-9425
https://access.redhat.com/security/cve/CVE-2016-9426
https://access.redhat.com/security/cve/CVE-2016-9428
https://access.redhat.com/security/cve/CVE-2016-9429
https://access.redhat.com/security/cve/CVE-2016-9430
https://access.redhat.com/security/cve/CVE-2016-9431
https://access.redhat.com/security/cve/CVE-2016-9432
https://access.redhat.com/security/cve/CVE-2016-9433
https://access.redhat.com/security/cve/CVE-2016-9434
https://access.redhat.com/security/cve/CVE-2016-9435
https://access.redhat.com/security/cve/CVE-2016-9436
https://access.redhat.com/security/cve/CVE-2016-9437
https://access.redhat.com/security/cve/CVE-2016-9438
https://access.redhat.com/security/cve/CVE-2016-9439
https://access.redhat.com/security/cve/CVE-2016-9440
https://access.redhat.com/security/cve/CVE-2016-9441
https://access.redhat.com/security/cve/CVE-2016-9442