CVE-2023-4255 created 4 months, 1 week ago W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for cve-2022-38223) An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. This vulnerability is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. Affected products w3m Matching in nixpkgs pkgs.w3m-nox Text-mode web browser nixos-unstable - nixpkgs-unstable 0.5.5 pkgs.w3m-full Text-mode web browser nixos-unstable - nixpkgs-unstable 0.5.5 pkgs.w3m-batch Text-mode web browser nixos-unstable - nixpkgs-unstable 0.5.5 pkgs.w3m-nographics Text-mode web browser nixos-unstable - nixpkgs-unstable 0.5.5 Package maintainers: 2 @toastal toastal <toastal+nix@posteo.net> @anthonyroussel Anthony Roussel <anthony@roussel.dev>