CVE-2016-9425

Name of the Vulnerable Software and Affected Versions w3m versions prior to 0.5.3-31

Description An issue was discovered in the w3m fork, allowing remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted HTML page. The issue is related to a heap-based buffer overflow in the addMultirowsForm function.

Recommendations For versions prior to 0.5.3-31, update to version 0.5.3-31 or later to resolve the issue. As a temporary workaround, consider disabling the addMultirowsForm function until a patch is available. Restrict access to crafted HTML pages to minimize the risk of exploitation.