Bug 1011275 - (CVE-2016-9426) VUL-0: CVE-2016-9426: w3m: heap corruption
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Assigned To: Security Team bot
CVSSv2:NVD:CVE-2016-9426:6.8:(AV:N/AC...
Blocks: 1011293
Reported: 2016-11-21 12:04 UTC by Alexander Bergmann
Modified: 2018-05-03 22:39 UTC

Description Alexander Bergmann 2016-11-21 12:04:15 UTC
w3m: multiple vulnerabilities
http://seclists.org/oss-sec/2016/q4/452

heap corruption due to integer overflow in renderTable()

Issue: https://github.com/tats/w3m/issues/25

This issue itself should be only OOM. But it was affected by https://github.com/ivmai/bdwgc/issues/135 which became heap corruption.
Comment 1 Thomas Blume 2016-11-21 13:55:14 UTC
Fixed with:

-->
commit b910f0966d9efea93ea8cef491000a83ffb49c5e
Author: Tatsuya Kinoshita <tats@debian.org>
Date:   Wed Aug 24 19:05:23 2016 +0900

    Truncate max_width for renderTable
    
    Bug-Debian: https://github.com/tats/w3m/issues/25
--<
Comment 2 Swamp Workflow Management 2016-11-21 22:58:21 UTC
bugbot adjusting priority
Comment 3 Alexander Bergmann 2016-11-22 08:17:46 UTC
Upstream Fix:
https://github.com/tats/w3m/commit/b910f0966d9efea93ea8cef491000a83ffb49c5e
Comment 4 Thomas Blume 2017-05-11 07:46:49 UTC
closing
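
Added example, not code from w3m or bdwgc: a C model of the chain the description outlines, where an overflowed width reaches the allocator, shown beside a hardened form that truncates the width and fails the allocation cleanly. The granule size, the cap `MAX_TABLE_WIDTH`, the function names, and the assumption that the allocator flaw is an unchecked size round-up are illustrative; the page does not describe either code base's internals.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE 16u          /* assumed allocator granule, for illustration */
#define MAX_TABLE_WIDTH 4096 /* hypothetical cap, not w3m's actual value */

/* Allocator-side weak form: rounds the request up to a granule without
 * checking for wrap-around, so a request near SIZE_MAX becomes tiny. */
size_t round_up_unchecked(size_t n) {
    return (n + (GRANULE - 1)) & ~(size_t)(GRANULE - 1);
}

/* Allocator-side hardened form: returns 0 (treat as OOM) instead of wrapping. */
int round_up_checked(size_t n, size_t *out) {
    if (n > SIZE_MAX - (GRANULE - 1))
        return 0;
    *out = round_up_unchecked(n);
    return 1;
}

/* Caller-side weak form: a width that went negative through int overflow
 * converts to a huge size_t and is passed straight to the allocator. */
size_t unsafe_alloc_size(int width) {
    return round_up_unchecked((size_t)width);
}

/* Caller-side hardened form: reject negative widths, truncate large ones,
 * then use the checked round-up. Returns 1 on success, 0 on failure. */
int safe_alloc_size(int width, size_t *out) {
    if (width < 0)
        return 0;
    if (width > MAX_TABLE_WIDTH)
        width = MAX_TABLE_WIDTH;
    return round_up_checked((size_t)width, out);
}

int main(void) {
    int overflowed = -8; /* constructed: stands in for an overflowed int width */
    size_t n = 0;
    printf("unchecked: width %d -> block of %zu bytes\n",
           overflowed, unsafe_alloc_size(overflowed));
    printf("checked:   width %d -> %s\n", overflowed,
           safe_alloc_size(overflowed, &n) ? "allocated" : "rejected");
    if (safe_alloc_size(INT_MAX, &n))
        printf("checked:   width INT_MAX -> %zu bytes\n", n);
    return 0;
}
```

In the unchecked path the caller believes it holds a buffer of nearly `SIZE_MAX` bytes while the block is empty, which is how a request that should fail as out-of-memory turns into heap corruption on first write.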