1324348 – w3m: denial of service with crafted html files

Bug 1324348 - w3m: denial of service with crafted html files

Summary: w3m: denial of service with crafted html files

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1324349 1324350 1336287
Blocks:	1324351
TreeView+	depends on / blocked

Reported:	2016-04-06 06:51 UTC by Andrej Nemec
Modified:	2019-09-29 13:46 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-16 06:09:08 UTC
Embargoed:

Attachments	(Terms of Use)

Description Andrej Nemec 2016-04-06 06:51:22 UTC

A vulnerability was found in w3m package. A maliciously crafted html file opened with specific command could cause the application to crash.

Original bug report (reproducer attached):

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820162

Comment 1 Andrej Nemec 2016-04-06 06:51:49 UTC

Created w3m tracking bugs for this issue:

Affects: fedora-all [bug 1324349]
Affects: epel-7 [bug 1324350]

Comment 2 Huzaifa S. Sidhpurwala 2016-05-16 06:07:22 UTC

Created emacs-common-w3m tracking bugs for this issue:

Affects: epel-6 [bug 1336287]

Comment 3 Fedora Update System 2016-05-16 19:06:17 UTC

w3m-0.5.3-20.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.