Your submission was sent successfully! Close

CVE-2016-9428

Published: 11 December 2016

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
w3m
Launchpad, Ubuntu, Debian 		precise
Released (0.5.3-5ubuntu1.2)
trusty
Released (0.5.3-15ubuntu0.1)
upstream
Released (0.5.3-30)
xenial
Released (0.5.3-26ubuntu0.1)
yakkety Ignored
(reached end-of-life)
zesty Not vulnerable
(0.5.3-32)
Patches:
debian: https://github.com/tats/w3m/commit/4e464819dd360ffd3d58fa2a89216fe413cfcc74

Notes

AuthorNote
sbeattie 
same fix/workaround as for CVE-2016-9425

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading