Note:
This project will be discontinued after December 13, 2021. [more]
Product:
W3m
(Tats)| Repositories | https://github.com/tats/w3m |
| #Vulnerabilities | 40 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-12-12 | CVE-2016-9629 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | W3m | 6.5 | ||
| 2016-12-12 | CVE-2016-9630 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | W3m | 6.5 | ||
| 2016-12-12 | CVE-2016-9631 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page. | W3m | 6.5 | ||
| 2016-12-12 | CVE-2016-9632 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page. | W3m | 6.5 | ||
| 2016-12-12 | CVE-2016-9633 | An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page. | W3m | 6.5 | ||
| 2017-01-20 | CVE-2016-9435 | The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags. | Leap, Leap, W3m | 6.5 | ||
| 2017-01-20 | CVE-2016-9436 | parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag. | Leap, Leap, W3m | 6.5 | ||
| 2018-01-25 | CVE-2018-6196 | w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value. | Ubuntu_linux, W3m | 7.5 | ||
| 2018-01-25 | CVE-2018-6197 | w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. | Ubuntu_linux, W3m | 7.5 | ||
| 2018-01-25 | CVE-2018-6198 | w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files. | Ubuntu_linux, W3m | 4.7 |