CVE-2018-6198

Published: 24 January 2018

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

Priority

Low

CVSS 3 base score: 4.7

Status

Package Release Status
w3m
Launchpad, Ubuntu, Debian
Upstream
Released (0.5.3-36)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.5.3-26ubuntu0.2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (0.5.3-15ubuntu0.2)