w3m
Page content
- Author: voroskoi
- Vulnerable: 0.5.1-2
- Unaffected: 0.5.1-3siwenna1
A vulnerability has been reported in w3m, which potentially can be exploited by malicious people to compromise a user’s system. The vulnerability is caused due to a format string error when handling SSL certificates and can be exploited via a specially crafted SSL certificate containing format specifiers in the “CN” field. Successful exploitation may allow execution of arbitrary code when e.g. visiting a malicious website, but requires that the application is running with either the “-dump” or “-backend” option.
- Bug Tracker URL: http://bugs.frugalware.org/task/1582