Your submission was sent successfully! Close

CVE-2016-9428

Published: 11 December 2016

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
w3m
Launchpad, Ubuntu, Debian 		precise
Released (0.5.3-5ubuntu1.2)
trusty
Released (0.5.3-15ubuntu0.1)
upstream
Released (0.5.3-30)
xenial
Released (0.5.3-26ubuntu0.1)
yakkety Ignored
(reached end-of-life)
zesty Not vulnerable
(0.5.3-32)

Notes

AuthorNote
sbeattie 
same fix/workaround as for CVE-2016-9425

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading