Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
https://exchange.xforce.ibmcloud.com/vulnerabilities/34821
https://exchange.xforce.ibmcloud.com/vulnerabilities/31114
http://www.vupen.com/english/advisories/2006/5164
http://www.ubuntu.com/usn/usn-399-1
http://www.securityfocus.com/bid/24332
http://www.securityfocus.com/bid/21735
http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html
http://www.novell.com/linux/security/advisories/2007_05_w3m.html
http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log
http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250
http://w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79
http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439
http://securitytracker.com/id?1017440
http://security.gentoo.org/glsa/glsa-200701-06.xml
http://secunia.com/advisories/23792
http://secunia.com/advisories/23773
http://secunia.com/advisories/23717
http://secunia.com/advisories/23588
http://secunia.com/advisories/23492
http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html