Source: w3m X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security
Hi, The following vulnerability was published for w3m. CVE-2023-4255[0]: | An out-of-bounds write issue has been discovered in the backspace | handling of the checkType() function in etc.c within the W3M | application. This vulnerability is triggered by supplying a | specially crafted HTML file to the w3m binary. Exploitation of this | flaw could lead to application crashes, resulting in a denial of | service condition. https://github.com/tats/w3m/commit/edc602651c506aeeb60544b55534dd1722a340d3 https://github.com/tats/w3m/issues/268 https://github.com/tats/w3m/pull/273 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-4255 https://www.cve.org/CVERecord?id=CVE-2023-4255 Please adjust the affected versions in the BTS as needed.
