CVE-2023-4255 – W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223)
https://notcve.org/view.php?id=CVE-2023-4255
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. Se descubrió un problema de escritura fuera de los límites en el manejo de retroceso de la función checkType() en etc.c dentro de la aplicación W3M. Esta vulnerabilidad se activa al proporcionar un archivo HTML especialmente manipulado al binario w3m. • https://bugzilla.redhat.com/show_bug.cgi?id=2255207 https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3 https://github.com/tats/w3m/issues/268 https://github.com/tats/w3m/pull/273 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject • CWE-787: Out-of-bounds Write •
CVE-2023-38253 – W3m: out of bounds read in growbuf_to_str() at w3m/indep.c
https://notcve.org/view.php?id=CVE-2023-38253
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. • https://access.redhat.com/security/cve/CVE-2023-38253 https://bugzilla.redhat.com/show_bug.cgi?id=2222779 https://github.com/tats/w3m/issues/271 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C • CWE-125: Out-of-bounds Read •
CVE-2023-38252 – W3m: out of bounds read in strnew_size() at w3m/str.c
https://notcve.org/view.php?id=CVE-2023-38252
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. • https://access.redhat.com/security/cve/CVE-2023-38252 https://bugzilla.redhat.com/show_bug.cgi?id=2222775 https://github.com/tats/w3m/issues/270 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C • CWE-125: Out-of-bounds Read •
CVE-2022-38223
https://notcve.org/view.php?id=CVE-2022-38223
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. Se presenta una escritura fuera de límites en checkType ubicada en etc.c en w3m 0.5.3. Puede desencadenarse mediante el envío de un archivo HTML diseñado al binario de w3m. • https://github.com/tats/w3m/issues/242 https://lists.debian.org/debian-lts-announce/2023/08/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKESIFZMWIFMI6DRGMUYOTVKBOSEKDXZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R https://lists.fedoraproject.org/archives/list/package-announce • CWE-787: Out-of-bounds Write •
CVE-2018-6197
https://notcve.org/view.php?id=CVE-2018-6197
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. w3m hasta la versión 0.5.3 es propenso a un error de desreferencia de puntero NULL en formUpdateBuffer en form.c. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00028.html http://www.securityfocus.com/bid/102846 https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8 https://github.com/tats/w3m/issues/89 https://lists.debian.org/debian-lts-announce/2020/04/msg00025.html https://usn.ubuntu.com/3555-1 https://usn.ubuntu.com/3555-2 • CWE-476: NULL Pointer Dereference •