Unrated severityNVD Advisory· Published Dec 27, 2006· Updated Apr 23, 2026
CVE-2006-6772
CVE-2006-6772
Description
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
22- secunia.com/advisories/23492nvdVendor Advisory
- secunia.com/advisories/23588nvdVendor Advisory
- secunia.com/advisories/23717nvdVendor Advisory
- secunia.com/advisories/23773nvdVendor Advisory
- secunia.com/advisories/23792nvdVendor Advisory
- www.vupen.com/english/advisories/2006/5164nvdVendor Advisory
- fedoranews.org/cms/node/2415nvd
- fedoranews.org/cms/node/2416nvd
- lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.htmlnvd
- security.gentoo.org/glsa/glsa-200701-06.xmlnvd
- securitytracker.com/idnvd
- sourceforge.net/tracker/index.phpnvd
- w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWSnvd
- w3m.cvs.sourceforge.net/w3m/w3m/file.cnvd
- w3m.cvs.sourceforge.net/w3m/w3m/file.cnvd
- www.novell.com/linux/security/advisories/2007_05_w3m.htmlnvd
- www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.htmlnvd
- www.securityfocus.com/bid/21735nvd
- www.securityfocus.com/bid/24332nvd
- www.ubuntu.com/usn/usn-399-1nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/31114nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/34821nvd
News mentions
0No linked articles in our index yet.