CVE-2016-9422

Name of the Vulnerable Software and Affected Versions w3m versions prior to 0.5.3-31

Description An issue was discovered in the Tatsuya Kinoshita w3m fork. The feed table tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.

Recommendations For versions prior to 0.5.3-31, update to version 0.5.3-31 or later to resolve the issue. As a temporary workaround, consider restricting the use of the feed table tag function until a patch is available. Avoid using the table span value in crafted HTML pages to minimize the risk of exploitation.