rpm package
opensuse/w3m&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/w3m&distro=openSUSE%20Tumbleweed
Vulnerabilities (31)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-38253 | Med | 4.7 | < 0.5.3+git20230121-2.1 | 0.5.3+git20230121-2.1 | Jul 14, 2023 | An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. | |
| CVE-2023-38252 | Med | 4.7 | < 0.5.3+git20230121-2.1 | 0.5.3+git20230121-2.1 | Jul 14, 2023 | An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. | |
| CVE-2022-38223 | Hig | 7.8 | < 0.5.3+git20180125-2.1 | 0.5.3+git20180125-2.1 | Aug 15, 2022 | There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. | |
| CVE-2018-6198 | Med | 4.7 | < 0.5.3+git20180125-1.14 | 0.5.3+git20180125-1.14 | Jan 25, 2018 | w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | |
| CVE-2018-6197 | Hig | 7.5 | < 0.5.3+git20180125-1.14 | 0.5.3+git20180125-1.14 | Jan 25, 2018 | w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. | |
| CVE-2018-6196 | Hig | 7.5 | < 0.5.3+git20180125-1.14 | 0.5.3+git20180125-1.14 | Jan 25, 2018 | w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. | |
| CVE-2016-9436 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Jan 20, 2017 | parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag. | |
| CVE-2016-9435 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Jan 20, 2017 | The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags. | |
| CVE-2016-9633 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. | |
| CVE-2016-9632 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |
| CVE-2016-9631 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9630 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | |
| CVE-2016-9629 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9628 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9627 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page. | |
| CVE-2016-9626 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |
| CVE-2016-9625 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page. | |
| CVE-2016-9624 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9623 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | |
| CVE-2016-9622 | Med | 6.5 | < 0.5.3.git20161120-1.1 | 0.5.3.git20161120-1.1 | Dec 12, 2016 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. |
- affected < 0.5.3+git20230121-2.1fixed 0.5.3+git20230121-2.1
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
- affected < 0.5.3+git20230121-2.1fixed 0.5.3+git20230121-2.1
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
- affected < 0.5.3+git20180125-2.1fixed 0.5.3+git20180125-2.1
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
- affected < 0.5.3+git20180125-1.14fixed 0.5.3+git20180125-1.14
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
- affected < 0.5.3+git20180125-1.14fixed 0.5.3+git20180125-1.14
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
- affected < 0.5.3+git20180125-1.14fixed 0.5.3+git20180125-1.14
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
- affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
Page 1 of 2