Summary
Mikulas Patocka discovered an integer overflow in the parsing of HTML tables in the Links web browser. This can only be exploited when running Links in graphical mode.
Solution
For the oldstable distribution (squeeze), this problem has been fixed in version 2.3~pre1-1+squeeze2.
For the stable distribution (wheezy), this problem has been fixed in version 2.7-1+deb7u1.
For the testing distribution (jessie), this problem has been fixed in version 2.8-1.
For the unstable distribution (sid), this problem has been fixed in version 2.8-1.
We recommend that you upgrade your links2 packages.
Insight
Links is a graphics and text mode WWW browser, similar to Lynx. It displays tables, frames, downloads on background, uses HTTP/1.1 keepalive connections.
In graphics mode it displays PNG, JPEG, GIF, TIFF, and XBM pictures, runs external bindings on other types, and features anti-aliased font, smooth image zooming, 48-bit dithering, and gamma and aspect ratio correction.
Affected
links2 on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-6050 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities