Date: Tue, 22 Nov 2016 13:16:48 +0800
From: Kuang-che Wu <>
Subject: CVE request: w3m - multiple vulnerabilities

Following are security flaws that I reported to Debian's w3m.

These issues are all fixed in 0.5.3-33 (v0.5.3+git20161120) released
on Nov 20, 2016.

Please assign CVEs if you think they are suitable for identifiers.

Serious issues
- global-buffer-overflow write

Moderate issues
(the crash point looks not exploitable but I am not sure whether the root cause
 of them could be reused as an exploit gadget)
- null deref
- null deref
- near-null deref
- stack overflow
- stack overflow
- heap overflow read + deref
- null deref
- null deref
- global-buffer-overflow read
- null deref
- global-buffer-overflow read

Low severity

All issues are found by afl-fuzz.

