{"id":"CVE-2018-6198","details":"w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files.","modified":"2026-04-16T06:17:29.641704308Z","published":"2018-01-25T03:29:00.697Z","related":["SUSE-SU-2019:0776-1","openSUSE-SU-2024:11504-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00028.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3555-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3555-2/"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/102855"},{"type":"FIX","url":"https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753"},{"type":"FIX","url":"https://salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753"},{"type":"FIX","url":"https://bugs.debian.org/888097"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tats/w3m","events":[{"introduced":"0"},{"last_affected":"5397d09e585a1938fb64bc9c5cd5daed1959eb90"},{"fixed":"18dcbadf2771cdb0c18509b14e4e73505b242753"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.5.3"}]}}],"versions":["upstream/0.1.10+0.1.11pre+kokb23","upstream/0.3","upstream/0.5.1","upstream/0.5.2","upstream/0.5.3","v0.5.3+debian-19","v0.5.3+git20150203","v0.5.3+git20150509","v0.5.3+git20150623","v0.5.3+git20150720","v0.5.3+git20150811","v0.5.3+git20151010","v0.5.3+git20151119","v0.5.3+git20160228","v0.5.3+git20160511","v0.5.3+git20160718","v0.5.3+git20161009","v0.5.3+git20161031","v0.5.3+git20161120","v0.5.3+git20170102"],"database_specific":{"vanir_signatures_modified":"2026-04-11T14:11:07Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6198.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]}],"vanir_signatures":[{"signature_version":"v1","source":"https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753","id":"CVE-2018-6198-021bacd2","target":{"function":"w3m_exit","file":"main.c"},"signature_type":"Function","digest":{"length":270,"function_hash":"299411999929596845984512423028642050106"},"deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["261335769205805046566342251010716909920","29612917787393137325208173903425113215","42696203700645889651420809097333495824","158834774318496427167418388532438585199"]},"deprecated":false,"id":"CVE-2018-6198-0bd30630","target":{"file":"rc.c"},"signature_type":"Line","source":"https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753","signature_version":"v1"},{"digest":{"length":1470,"function_hash":"161548505075626386636758859966345807316"},"deprecated":false,"id":"CVE-2018-6198-48c324d5","target":{"function":"init_rc","file":"rc.c"},"signature_type":"Function","source":"https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753","signature_version":"v1"},{"signature_version":"v1","source":"https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753","id":"CVE-2018-6198-827e47c9","target":{"file":"main.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["132494528490069998977071967010022007597","82022512250580956341022367886085022917","332768501774124119740089642761057973044","294366503126602925986443129707894292652"]},"deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}