w3m is vulnerable to out-of-bounds writes. checkType
located in etc.c
could be triggered by sending a crafted HTML file to the w3m binary, which allows an attacker to cause Denial of Service or possibly have unspecified other impact.
git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-38223
github.com/tats/w3m/issues/242
lists.debian.org/debian-lts-announce/2023/08/msg00030.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKESIFZMWIFMI6DRGMUYOTVKBOSEKDXZ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NRRZMTLG3YT6U3PSGJOAMLDNLRF2EUOP/
lists.fedoraproject.org/archives/list/[email protected]/message/MKESIFZMWIFMI6DRGMUYOTVKBOSEKDXZ/
lists.fedoraproject.org/archives/list/[email protected]/message/NRRZMTLG3YT6U3PSGJOAMLDNLRF2EUOP/