W3mproject W3m

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in W3mproject W3m.

By the Year

In 2025 there have been 0 vulnerabilities in W3mproject W3m. W3m did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2025	0	0.00
2024	0	0.00
2023	2	5.50
2022	1	7.80
2021	0	0.00
2020	0	0.00
2019	0	0.00
2018	3	6.57

It may take a day or so for new W3m vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent W3mproject W3m Security Vulnerabilities

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c

CVE-2023-38253 5.5 - Medium - July 14, 2023

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Out-of-bounds Read

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c

CVE-2023-38252 5.5 - Medium - July 14, 2023

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Out-of-bounds Read

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3

CVE-2022-38223 7.8 - High - August 15, 2022

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

Memory Corruption

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0

CVE-2018-6196 7.5 - High - January 25, 2018

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value.

Infinite Loop

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.

CVE-2018-6197 7.5 - High - January 25, 2018

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c.

NULL Pointer Dereference

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which

CVE-2018-6198 4.7 - Medium - January 25, 2018

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.

insecure temporary file

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Tats W3m or by W3mproject? Click the Watch button to subscribe.

W3mproject
Vendor

W3mproject W3m
Product

W3mproject W3m

Don't miss out!

By the Year

Recent W3mproject W3m Security Vulnerabilities

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c CVE-2023-38253 5.5 - Medium - July 14, 2023

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c CVE-2023-38252 5.5 - Medium - July 14, 2023

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3 CVE-2022-38223 7.8 - High - August 15, 2022

w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 CVE-2018-6196 7.5 - High - January 25, 2018

w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c. CVE-2018-6197 7.5 - High - January 25, 2018

w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which CVE-2018-6198 4.7 - Medium - January 25, 2018