6.5

CVE-2016-9436

parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseLeap Version42.2
Opensuse ProjectLeap Version42.1
TatsW3m Version <= 0.5.3\+git20160718
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.35% 0.872
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.openwall.com/lists/oss-security/2016/11/18/3
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/94407
Third Party Advisory
VDB Entry
https://security.gentoo.org/glsa/201701-08
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html
Third Party Advisory
https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
Patch
Issue Tracking
Technical Description
https://github.com/tats/w3m/issues/16
Patch
Third Party Advisory
Issue Tracking