Vulnerability Details CVE-2016-9436
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html
- http://www.openwall.com/lists/oss-security/2016/11/18/3
- http://www.securityfocus.com/bid/94407
- https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
- https://github.com/tats/w3m/issues/16
- https://security.gentoo.org/glsa/201701-08
- http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html
- http://www.openwall.com/lists/oss-security/2016/11/18/3
- http://www.securityfocus.com/bid/94407
- https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
- https://github.com/tats/w3m/issues/16
- https://security.gentoo.org/glsa/201701-08
Products affected by CVE-2016-9436
-
cpe:2.3:a:tats:w3m:0.5.1
-
cpe:2.3:a:tats:w3m:0.5.1-1
-
cpe:2.3:a:tats:w3m:0.5.1-3
-
cpe:2.3:a:tats:w3m:0.5.1-4
-
cpe:2.3:a:tats:w3m:0.5.1-5
-
cpe:2.3:a:tats:w3m:0.5.1-5.1
-
cpe:2.3:a:tats:w3m:0.5.2
-
cpe:2.3:a:tats:w3m:0.5.2-1
-
cpe:2.3:a:tats:w3m:0.5.2-10
-
cpe:2.3:a:tats:w3m:0.5.2-2
-
cpe:2.3:a:tats:w3m:0.5.2-2.1
-
cpe:2.3:a:tats:w3m:0.5.2-3
-
cpe:2.3:a:tats:w3m:0.5.2-4
-
cpe:2.3:a:tats:w3m:0.5.2-5
-
cpe:2.3:a:tats:w3m:0.5.2-6
-
cpe:2.3:a:tats:w3m:0.5.2-7
-
cpe:2.3:a:tats:w3m:0.5.2-8
-
cpe:2.3:a:tats:w3m:0.5.2-9
-
cpe:2.3:a:tats:w3m:0.5.3
-
cpe:2.3:a:tats:w3m:0.5.3+git20160718
-
cpe:2.3:o:opensuse:leap:42.2
-
cpe:2.3:o:opensuse_project:leap:42.1