Vulnerabilities > W3M Project

DATE CVE VULNERABILITY TITLE RISK
2018-01-25 CVE-2018-6198 Link Following vulnerability in multiple products
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
3.3
2018-01-25 CVE-2018-6197 Null Pointer Dereference vulnerability in multiple products
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
network
low complexity
w3m-project canonical CWE-476
5.0
2018-01-25 CVE-2018-6196 Infinite Loop vulnerability in multiple products
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.
network
low complexity
w3m-project canonical CWE-835
5.0
2017-01-20 CVE-2016-9436 Improper Input Validation vulnerability in multiple products
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
4.3
2017-01-20 CVE-2016-9435 Improper Input Validation vulnerability in multiple products
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
4.3
2016-12-12 CVE-2016-9633 Resource Management Errors vulnerability in W3M Project W3M
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.
4.3
2016-12-12 CVE-2016-9632 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.
4.3
2016-12-12 CVE-2016-9631 Null Pointer Dereference vulnerability in W3M Project W3M
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.
4.3
2016-12-12 CVE-2016-9630 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in W3M Project W3M
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.
4.3
2016-12-12 CVE-2016-9629 Null Pointer Dereference vulnerability in W3M Project W3M
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33.
4.3