ELA-931-1 w3m security update

out-of-bounds write

2023-08-24
Package: w3m
Version: 0.5.3-19+deb8u4 (jessie), 0.5.3-34+deb9u2 (stretch)
Related CVEs: CVE-2022-38223


Han Zheng discovered an out-of-bounds write in w3m, a text-based web browser and pager. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause a Denial of Service (DoS) or possibly have unspecified other impact.



For Debian 8 jessie, this problem has been fixed in version 0.5.3-19+deb8u4.

For Debian 9 stretch, this problem has been fixed in version 0.5.3-34+deb9u2.

We recommend that you upgrade your w3m packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.