DEBIAN-CVE-2023-38253

DEBIAN-CVE-2023-38253 PUBLISHED CVSS 5.5 MEDIUM

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	w3m	0.5.3+git20230121-2.1, 0.5.3+git20230121-2.3, 0.5.3+git20230121-2.2
Debian:11	w3m	*, 0, 0.5.3+git20210102-6
Debian:12	w3m	0, ,
Debian:13	w3m	0.5.3+git20230121-2.1, 0.5.3+git20230121-2.2, 0.5.3+git20230121-2.3

Timeline

Jul 14, 2023 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-38253 advisory

Open in Interactive Console →