oss-sec mailing list archives
Re: Re: CVE request: w3m - multiple vulnerabilities
From: Kuang-che Wu <kcwu () csie org>
Date: Thu, 15 Dec 2016 02:28:07 +0800
FYI, my previous report was for Debian's w3m fork. Now I also tested original w3m 0.5.3. (https://sourceforge.net/projects/w3m/files/w3m/w3m-0.5.3/)

The original w3m 0.5.3 is also affected by at least the following CVEs:
CVE-2016-9422
CVE-2016-9424
CVE-2016-9425
CVE-2016-9426
CVE-2016-9432
CVE-2016-9439
CVE-2016-9440
CVE-2016-9441
CVE-2016-9622
CVE-2016-9623
CVE-2016-9624
CVE-2016-9625
CVE-2016-9626
CVE-2016-9627

But the case of CVE-2016-9422, which made Debian's w3m stack smashing, can only make original w3m 0.5.3 heap-buffer-overflow write. I haven't found cases to smash stack yet.

For other CVEs, I don't know. Maybe original w3m is not affected. Maybe those issues are covered by above issues.

kcwu
Current thread:
- CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Nov 03)
- Re: CVE request: w3m - multiple vulnerabilities cve-assign (Nov 18)
- <Possible follow-ups>
- CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Nov 21)
- Re: CVE request: w3m - multiple vulnerabilities cve-assign (Nov 23)
- Re: Re: CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Nov 25)
- Re: Re: CVE request: w3m - multiple vulnerabilities Kuang-che Wu (Dec 14)
- Re: CVE request: w3m - multiple vulnerabilities cve-assign (Nov 23)