Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 42 results


CVE-2023-4255

Medium priority

Some fixes available 8 of 9

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m...

1 affected packages

w3m

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
w3m Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2023-38253

Low priority

Some fixes available 7 of 10

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

1 affected packages

w3m

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
w3m Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2023-38252

Low priority

Some fixes available 7 of 10

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

1 affected packages

w3m

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
w3m Fixed Fixed Fixed Fixed Needs evaluation
Show less packages

CVE-2022-38223

Medium priority

Some fixes available 9 of 10

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

1 affected packages

w3m

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
w3m Fixed Fixed Fixed Fixed Vulnerable
Show less packages

CVE-2018-6198

Low priority
Fixed

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

1 affected packages

w3m

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
w3m Fixed
Show less packages

CVE-2018-6197

Medium priority
Fixed

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.

1 affected packages

w3m

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
w3m Fixed
Show less packages

CVE-2018-6196

Low priority
Fixed

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.

1 affected packages

w3m

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
w3m Fixed
Show less packages

CVE-2016-9436

Low priority

Some fixes available 3 of 4

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.

1 affected packages

w3m

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
w3m Fixed
Show less packages

CVE-2016-9435

Low priority

Some fixes available 3 of 4

The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.

1 affected packages

w3m

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
w3m Fixed
Show less packages

CVE-2016-9633

Medium priority

Some fixes available 3 of 4

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.

1 affected packages

w3m

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
w3m Fixed
Show less packages