Vulnerabilities > Tats

DATE CVE VULNERABILITY TITLE RISK
2023-12-21 CVE-2023-4255 Out-of-bounds Write vulnerability in multiple products
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application.
local
low complexity
tats fedoraproject CWE-787
5.5
2023-07-14 CVE-2023-38252 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c.
local
low complexity
tats redhat fedoraproject CWE-125
5.5
2023-07-14 CVE-2023-38253 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c.
local
low complexity
tats redhat fedoraproject CWE-125
5.5
2022-08-15 CVE-2022-38223 Out-of-bounds Write vulnerability in multiple products
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3.
local
low complexity
tats fedoraproject CWE-787
7.8
2018-01-25 CVE-2018-6198 Link Following vulnerability in multiple products
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
local
high complexity
tats canonical CWE-59
4.7
2018-01-25 CVE-2018-6197 NULL Pointer Dereference vulnerability in multiple products
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
network
low complexity
tats canonical CWE-476
7.5
2018-01-25 CVE-2018-6196 Infinite Loop vulnerability in multiple products
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.
network
low complexity
tats canonical CWE-835
7.5
2017-01-20 CVE-2016-9436 Improper Input Validation vulnerability in multiple products
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
network
low complexity
opensuse-project opensuse tats CWE-20
6.5
2017-01-20 CVE-2016-9435 Improper Input Validation vulnerability in multiple products
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
network
low complexity
opensuse-project opensuse tats CWE-20
6.5
2016-12-12 CVE-2016-9633 Resource Management Errors vulnerability in Tats W3M
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.
network
low complexity
tats CWE-399
6.5