MGASA-2024-0105

Source
https://advisories.mageia.org/MGASA-2024-0105.html
Import Source
https://advisories.mageia.org/MGASA-2024-0105.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2024-0105
Published
2024-04-01T19:50:27Z
Modified
2024-04-01T19:35:55Z
Summary
Updated w3m packages fix security vulnerabilities
Details

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. (CVE-2023-38252)

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file. (CVE-2023-38253)

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. (CVE-2023-4255)


Affected packages

Mageia:9 / w3m

Package

Name
w3m
Purl
pkg:rpm/mageia/w3m?distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.5.3-13.git20230121.1.mga9

Ecosystem specific

{
    "section": "core"
}