High severity8.8NVD Advisory· Published Dec 12, 2016· Updated May 6, 2026

CVE-2016-9428

Description

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.

Affected products

Tats/W3m
cpe:2.3:a:tats:w3m:*:*:*:*:*:*:*:*
Range: <=0.5.3-30

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/tats/w3m/blob/master/ChangeLognvdIssue TrackingPatch
github.com/tats/w3m/issues/26nvdIssue TrackingPatch
www.openwall.com/lists/oss-security/2016/11/18/3nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/94407nvd
security.gentoo.org/glsa/201701-08nvd

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000