CVE-2016-9423

Name of the Vulnerable Software and Affected Versions w3m versions prior to 0.5.3-31

Description An issue was discovered in the Tatsuya Kinoshita w3m fork that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page. This is due to a heap-based buffer overflow in w3m.

Recommendations For versions prior to 0.5.3-31, update to version 0.5.3-31 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the heap-based buffer overflow until a patch is applied.