Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTMLputstring() can append a chunk onto itself.
{ "ubuntu_priority": "medium", "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "lynx", "binary_version": "2.8.9dev8-4ubuntu1+esm1" }, { "binary_name": "lynx-common", "binary_version": "2.8.9dev8-4ubuntu1+esm1" }, { "binary_name": "lynx-cur", "binary_version": "2.8.9dev8-4ubuntu1+esm1" }, { "binary_name": "lynx-dbgsym", "binary_version": "2.8.9dev8-4ubuntu1+esm1" } ] }