A heap use-after-free vulnerability was found in Vim’s process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when ‘tagfunc’ wipes out the buffer that holds ‘complete.’ This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.
Untrusted vim scripts with -s [scriptin] are not recommended to run.