DLA-2195-1 w3m - security update

Bulletin has no description...

CVE-2018-6197

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c...

CVE-2016-9436

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag...

CVE-2016-9626

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page...

CVE-2016-9426

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service OOM and possibly execute arbitrary code due to bdwgc's bug CVE-2016-9427 via a crafted HTML page...

CVE-2006-6772

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name CN field of an SSL certificate associated with an https URL...

CVE-2002-1348

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies...

w3m crossite scripting

No description provided...