CVE-2016-9424

Name of the Vulnerable Software and Affected Versions w3m versions prior to 0.5.3-31

Description An issue was discovered in the Tatsuya Kinoshita w3m fork that allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page. This occurs because w3m does not properly validate the value of a tag attribute.

Recommendations For versions prior to 0.5.3-31, update to version 0.5.3-31 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages that could exploit this issue until a patch is applied.