Bug 1011275 – VUL-0: CVE-2016-9426: w3m: heap corruption

Bug 1011275 - (CVE-2016-9426) VUL-0: CVE-2016-9426: w3m: heap corruption

(CVE-2016-9426)
Summary:	VUL-0: CVE-2016-9426: w3m: heap corruption

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Major
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:NVD:CVE-2016-9426:6.8:(AV:N/AC...
Keywords:

Depends on:
Blocks:	1011293
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2016-11-21 12:04 UTC by Alexander Bergmann
Modified:	2018-05-03 22:39 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Bergmann 2016-11-21 12:04:15 UTC

w3m: multiple vulnerabilities
http://seclists.org/oss-sec/2016/q4/452

heap corruption due to integer overflow in renderTable()

Issue: https://github.com/tats/w3m/issues/25

This issue itself should be only OOM. But it was affected by https://github.com/ivmai/bdwgc/issues/135 which become heap corruption.

Comment 1 Thomas Blume 2016-11-21 13:55:14 UTC

Fixed with:

-->
commit b910f0966d9efea93ea8cef491000a83ffb49c5e
Author: Tatsuya Kinoshita <tats@debian.org>
Date:   Wed Aug 24 19:05:23 2016 +0900

    Truncate max_width for renderTable
    
    Bug-Debian: https://github.com/tats/w3m/issues/25
--<

Comment 2 Swamp Workflow Management 2016-11-21 22:58:21 UTC

bugbot adjusting priority

Comment 3 Alexander Bergmann 2016-11-22 08:17:46 UTC

Upstream Fix:
https://github.com/tats/w3m/commit/b910f0966d9efea93ea8cef491000a83ffb49c5e

Comment 4 Thomas Blume 2017-05-11 07:46:49 UTC

closing