CVE 2016-9436
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
See the 
CVE page on Mitre.org
for more details.
