VYPR

rpm package

opensuse/w3m&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/w3m&distro=openSUSE%20Tumbleweed

Vulnerabilities (31)

  • CVE-2023-38253MedJul 14, 2023
    affected < 0.5.3+git20230121-2.1fixed 0.5.3+git20230121-2.1

    An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

  • CVE-2023-38252MedJul 14, 2023
    affected < 0.5.3+git20230121-2.1fixed 0.5.3+git20230121-2.1

    An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

  • CVE-2022-38223HigAug 15, 2022
    affected < 0.5.3+git20180125-2.1fixed 0.5.3+git20180125-2.1

    There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

  • CVE-2018-6198MedJan 25, 2018
    affected < 0.5.3+git20180125-1.14fixed 0.5.3+git20180125-1.14

    w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

  • CVE-2018-6197HigJan 25, 2018
    affected < 0.5.3+git20180125-1.14fixed 0.5.3+git20180125-1.14

    w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.

  • CVE-2018-6196HigJan 25, 2018
    affected < 0.5.3+git20180125-1.14fixed 0.5.3+git20180125-1.14

    w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.

  • CVE-2016-9436MedJan 20, 2017
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a tag.

  • CVE-2016-9435MedJan 20, 2017
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to tags.

  • CVE-2016-9633MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.

  • CVE-2016-9632MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.

  • CVE-2016-9631MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.

  • CVE-2016-9630MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.

  • CVE-2016-9629MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.

  • CVE-2016-9628MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.

  • CVE-2016-9627MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.

  • CVE-2016-9626MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.

  • CVE-2016-9625MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.

  • CVE-2016-9624MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.

  • CVE-2016-9623MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.

  • CVE-2016-9622MedDec 12, 2016
    affected < 0.5.3.git20161120-1.1fixed 0.5.3.git20161120-1.1

    An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.

Page 1 of 2