There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
{ "binaries": [ { "binary_name": "w3m", "binary_version": "0.5.3-15ubuntu0.2+esm1" }, { "binary_name": "w3m-dbgsym", "binary_version": "0.5.3-15ubuntu0.2+esm1" }, { "binary_name": "w3m-img", "binary_version": "0.5.3-15ubuntu0.2+esm1" }, { "binary_name": "w3m-img-dbgsym", "binary_version": "0.5.3-15ubuntu0.2+esm1" } ], "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "w3m", "binary_version": "0.5.3-36ubuntu0.1" }, { "binary_name": "w3m-dbgsym", "binary_version": "0.5.3-36ubuntu0.1" }, { "binary_name": "w3m-img", "binary_version": "0.5.3-36ubuntu0.1" }, { "binary_name": "w3m-img-dbgsym", "binary_version": "0.5.3-36ubuntu0.1" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "w3m", "binary_version": "0.5.3-37ubuntu0.1" }, { "binary_name": "w3m-dbgsym", "binary_version": "0.5.3-37ubuntu0.1" }, { "binary_name": "w3m-img", "binary_version": "0.5.3-37ubuntu0.1" }, { "binary_name": "w3m-img-dbgsym", "binary_version": "0.5.3-37ubuntu0.1" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }
{ "binaries": [ { "binary_name": "w3m", "binary_version": "0.5.3+git20210102-6ubuntu0.1" }, { "binary_name": "w3m-dbgsym", "binary_version": "0.5.3+git20210102-6ubuntu0.1" }, { "binary_name": "w3m-img", "binary_version": "0.5.3+git20210102-6ubuntu0.1" }, { "binary_name": "w3m-img-dbgsym", "binary_version": "0.5.3+git20210102-6ubuntu0.1" } ], "availability": "No subscription required", "ubuntu_priority": "medium" }