Tats W3m
By the Year
In 2024 there have been 0 vulnerabilities in Tats W3m . Last year W3m had 3 security vulnerabilities published. Right now, W3m is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 3 | 5.50 |
| 2022 | 1 | 7.80 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 3 | 6.57 |
It may take a day or so for new W3m vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Tats W3m Security Vulnerabilities
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application
CVE-2023-4255
5.5 - Medium
- December 21, 2023
An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition.
Memory Corruption
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c
CVE-2023-38252
5.5 - Medium
- July 14, 2023
An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
Out-of-bounds Read
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c
CVE-2023-38253
5.5 - Medium
- July 14, 2023
An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.
Out-of-bounds Read
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3
CVE-2022-38223
7.8 - High
- August 15, 2022
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
Memory Corruption
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which
CVE-2018-6198
4.7 - Medium
- January 25, 2018
w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.
insecure temporary file
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0
CVE-2018-6196
7.5 - High
- January 25, 2018
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.
Infinite Loop
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
CVE-2018-6197
7.5 - High
- January 25, 2018
w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.
NULL Pointer Dereference
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which
CVE-2016-9436
6.5 - Medium
- January 20, 2017
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
Improper Input Validation
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which
CVE-2016-9435
6.5 - Medium
- January 20, 2017
The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to <dd> tags.
Improper Input Validation
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9439
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9422
8.8 - High
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9423
8.8 - High
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9424
8.8 - High
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9425
8.8 - High
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9426
8.8 - High
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page.
Integer Overflow or Wraparound
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9428
8.8 - High
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9429
8.8 - High
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Buffer overflow in the formUpdateBuffer function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9430
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9431
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9432
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (memory corruption, segmentation fault, and crash) via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9433
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (out-of-bounds array access) via a crafted HTML page.
Out-of-bounds Read
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9434
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9437
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) and possibly memory corruption via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9438
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9633
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (infinite loop and resource consumption) via a crafted HTML page.
Resource Management Errors
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9440
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9441
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9442
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause memory corruption in certain conditions via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31
CVE-2016-9443
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9622
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9623
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9624
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9625
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9626
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9627
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (heap buffer overflow and crash) via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9628
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9629
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9630
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
Buffer Overflow
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9631
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted HTML page.
NULL Pointer Dereference
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33
CVE-2016-9632
6.5 - Medium
- December 12, 2016
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service (global buffer overflow and crash) via a crafted HTML page.
Buffer Overflow
