Description
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
References (7)
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugs.debian.org/888097
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3555-2/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3555-1/
Patch, Third Party Advisory x_refsource_confirm
https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
Patch, Third Party Advisory x_refsource_confirm
https://salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102855
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00028.html
Scores
CVSS v3: 4.7
EPSS: 0.0008
EPSS Percentile: 24.0%
Attack Vector: LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE: CWE-59
Status: published
Products (5)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 17.10
tats/w3m < 0.5.3
Published: Jan 25, 2018
Tracked Since: Feb 18, 2026