CVE-2016-9428

Name of the Vulnerable Software and Affected Versions w3m versions prior to 0.5.3-31

Description An issue was discovered in the Tatsuya Kinoshita w3m fork that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. The issue is related to a heap-based buffer overflow in the addMultirowsForm function.

Recommendations For versions prior to 0.5.3-31, update to version 0.5.3-31 or later to resolve the issue. As a temporary workaround, consider disabling the addMultirowsForm function until a patch is available.