Gentoo Logo

w3m: Format string vulnerability


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200701-06 / w3m
Release Date January 12, 2007
Latest Revision January 12, 2007: 01
Impact normal
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
www-client/w3m < 0.5.1-r4 >= 0.5.1-r4 All supported architectures

Related bugreports: #159145


w3m does not correctly handle format string specifiers in SSL certificates.

2.  Impact Information


w3m is a multi-platform text-based web browser.


w3m in -dump or -backend mode does not correctly handle printf() format string specifiers in the Common Name (CN) field of an X.509 SSL certificate.


An attacker could entice a user to visit a malicious website that would load a specially crafted X.509 SSL certificate containing "%n" or other format string specifiers, possibly resulting in the execution of arbitrary code with the rights of the user running w3m.

3.  Resolution Information


There is no known workaround at this time.


All w3m users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/w3m-0.5.1-r4"

4.  References


Page updated January 12, 2007

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.