{"id":"CVE-2023-38253","details":"An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.","modified":"2026-04-16T04:38:33.175235610Z","published":"2023-07-14T18:15:11.047Z","related":["SUSE-SU-2023:4439-1","openSUSE-SU-2024:13138-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AULOBQJLXE2KCT5UVQMKGEFL4GFIAOED/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKFZQUK7FPWWJQYICDZZ4YWIPUPQ2D3R/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TODROGVCWZ435HQIZE6ARQC5LPQLIA5C/"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-38253"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2222779"},{"type":"REPORT","url":"https://github.com/tats/w3m/issues/271"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tats/w3m","events":[{"introduced":"0"},{"last_affected":"c8223fed7cc631ad85d8e5665e509e7988bedbab"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.5.3+git20230121"}]}}],"versions":["upstream/0.1.10+0.1.11pre+kokb23","upstream/0.3","upstream/0.5.1","upstream/0.5.2","upstream/0.5.3","v0.5.3+debian-19","v0.5.3+git20150203","v0.5.3+git20150509","v0.5.3+git20150623","v0.5.3+git20150720","v0.5.3+git20150811","v0.5.3+git20151010","v0.5.3+git20151119","v0.5.3+git20160228","v0.5.3+git20160511","v0.5.3+git20160718","v0.5.3+git20161009","v0.5.3+git20161031","v0.5.3+git20161120","v0.5.3+git20170102","v0.5.3+git20180125","v0.5.3+git20190105","v0.5.3+git20200502","v0.5.3+git20210102","v0.5.3+git20220429","v0.5.3+git20230121"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-38253.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}