Bugzilla – Bug 1202684
VUL-0: CVE-2022-38223: w3m: Out-of-bounds write in checkType located in etc.c in w3m 0.5.3
Last modified: 2022-10-22 17:11:56 UTC
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It
can be triggered by sending a crafted HTML file to the w3m binary. It allows an
attacker to cause Denial of Service or possibly have unspecified other impact.
There is no upstream fix yet, and upstream also could not reproduce the issue yet.
However, I am tracking the following as affected, so that we keep up with the updates there:
- SUSE:SLE-11-SP1:Update/w3m 0.5.3
- SUSE:SLE-12:Update/w3m 0.5.3
- openSUSE:Factory/w3m 0.5.3