Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring() can append a chunk onto itself.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.8.9dev8-4ubuntu1+esm1", "binary_name": "lynx" }, { "binary_version": "2.8.9dev8-4ubuntu1+esm1", "binary_name": "lynx-common" }, { "binary_version": "2.8.9dev8-4ubuntu1+esm1", "binary_name": "lynx-cur" }, { "binary_version": "2.8.9dev8-4ubuntu1+esm1", "binary_name": "lynx-dbgsym" } ] }