Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring() can append a chunk onto itself. (CVE-2017-1000211)
{ "section": "core" }