CVE-2016-9435
MEDIUMOpensuse Leap < 0.5.3\+git20160718 - Improper Input Validation
Title source: ruleDescription
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201701-08
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/tats/w3m/issues/16
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94407
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/11/18/3
Scores
CVSS v3
6.5
EPSS
0.0141
EPSS Percentile
80.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (3)
opensuse/leap
42.2
opensuse_project/leap
42.1
tats/w3m
< 0.5.3\+git20160718
Published
Jan 20, 2017
Tracked Since
Feb 18, 2026