{"id":"CVE-2016-9435","details":"The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to \u003cdd\u003e tags.","modified":"2026-05-17T11:54:56.117620177Z","published":"2017-01-20T15:59:00.613Z","related":["SUSE-SU-2016:3046-1","SUSE-SU-2016:3053-1","openSUSE-SU-2024:10235-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"opensuse:leap","extracted_events":[{"last_affected":"42.2"}]},{"cpes":["cpe:2.3:o:opensuse_project:leap:42.1:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"opensuse_project:leap","extracted_events":[{"last_affected":"42.1"}]}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00084.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/94407"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-08"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2016/11/18/3"},{"type":"FIX","url":"https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd"},{"type":"FIX","url":"https://github.com/tats/w3m/issues/16"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}