{"id":"CVE-2016-9426","details":"An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Integer overflow vulnerability in the renderTable function in w3m allows remote attackers to cause a denial of service (OOM) and possibly execute arbitrary code due to bdwgc's bug (CVE-2016-9427) via a crafted HTML page.","modified":"2026-04-01T23:55:42.985043Z","published":"2016-12-12T02:59:15.327Z","related":["MGASA-2018-0024"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/94407"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-08"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/11/18/3"},{"type":"FIX","url":"https://github.com/tats/w3m/issues/25"},{"type":"FIX","url":"https://github.com/tats/w3m/blob/master/ChangeLog"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tats/w3m","events":[{"introduced":"0"},{"last_affected":"ce6fffae3d2b82eeef1cbec23a6f4849169f1211"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.5.3-30"}]}}],"versions":["debian/0.1.10+0.1.11pre+kokb23-4","debian/0.3-2.4","debian/0.5.1-1","debian/0.5.1-3","debian/0.5.1-4","debian/0.5.1-5","debian/0.5.1-5.1","debian/0.5.2-1","debian/0.5.2-10","debian/0.5.2-2","debian/0.5.2-2+lenny1","debian/0.5.2-2.1","debian/0.5.2-3","debian/0.5.2-4","debian/0.5.2-5","debian/0.5.2-6","debian/0.5.2-7","debian/0.5.2-8","debian/0.5.2-9","debian/0.5.3-1","debian/0.5.3-10","debian/0.5.3-11","debian/0.5.3-12","debian/0.5.3-13","debian/0.5.3-14","debian/0.5.3-15","debian/0.5.3-16","debian/0.5.3-17","debian/0.5.3-18","debian/0.5.3-19","debian/0.5.3-19+deb8u1","debian/0.5.3-19+deb8u2","debian/0.5.3-19+deb8u3","debian/0.5.3-2","debian/0.5.3-20","debian/0.5.3-21","debian/0.5.3-22","debian/0.5.3-23","debian/0.5.3-24","debian/0.5.3-25","debian/0.5.3-26","debian/0.5.3-27","debian/0.5.3-28","debian/0.5.3-29","debian/0.5.3-3","debian/0.5.3-30","debian/0.5.3-4","debian/0.5.3-5","debian/0.5.3-6","debian/0.5.3-7","debian/0.5.3-8","debian/0.5.3-9","upstream/0.1.10+0.1.11pre+kokb23","upstream/0.3","upstream/0.5.1","upstream/0.5.2","upstream/0.5.3","upstream/0.5.3+git20210102","upstream/0.5.3+git20220429","upstream/0.5.3+git20230121","v0.5.3+debian-19","v0.5.3+debian-19+deb8u1","v0.5.3+debian-19+deb8u2","v0.5.3+debian-19+deb8u3","v0.5.3+git20150203","v0.5.3+git20150509","v0.5.3+git20150623","v0.5.3+git20150720","v0.5.3+git20150811","v0.5.3+git20151010","v0.5.3+git20151119","v0.5.3+git20160228","v0.5.3+git20160511","v0.5.3+git20160718","v0.5.3+git20161009","v0.5.3+git20161031","v0.5.3+git20161120","v0.5.3+git20170102","v0.5.3+git20170102+deb9u1","v0.5.3+git20180125","v0.5.3+git20190105","v0.5.3+git20200502","v0.5.3+git20210102","v0.5.3+git20210102+deb11u0.1","v0.5.3+git20210102+deb11u0.2","v0.5.3+git20210102+deb11u0.3","v0.5.3+git20210102+deb11u0.4","v0.5.3+git20210102+deb11u0.5","v0.5.3+git20210102+deb11u1","v0.5.3+git20220429","v0.5.3+git20230121"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9426.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}