W3M
CVE-2016-9426
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page.
AnalysisAI
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page. Affected products include: Tats W3M. Version information: before 0.5.3.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. Rated high severity (CVSS 7.8), this vulnera
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. Rated high severity (CVSS 7
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in t
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within t
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. Rated medium severity (CVSS 5.5)
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. Rated medium severity (CVSS 5.5), thi
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Rated high severity (CVSS 8.8), this vulnerab
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Rated high severity (CVSS 8.8), this vulnerab
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Rated high severity (CVSS 8.8), this vulnerab
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Rated high severity (CVSS 8.8), this vulnerab
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Rated high severity (CVSS 8.8), this vulnerab
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Rated high severity (CVSS 8.8), this vulnerab
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Integer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today