CVE-2006-6772

NameCVE-2006-6772
DescriptionFormat string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs404564

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
w3m (PTS)jessie, jessie (lts)0.5.3-19+deb8u4fixed
stretch (lts), stretch0.5.3-34+deb9u2fixed
buster (security), buster, buster (lts)0.5.3-37+deb10u1fixed
bullseye0.5.3+git20210102-6+deb11u1fixed
sid, trixie, bookworm0.5.3+git20230121-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
w3msource(unstable)0.5.1-5.1low404564
w3mmeesource(unstable)(not affected)

Notes

- w3mmee <not-affected> (Does not include this format string vuln in the code)
[sarge] - w3m <no-dsa> (Minor issue, only exploitable in dump mode)

Search for package or bug name: Reporting problems