423 matches found
CVE-2026-57451
Vim is an open source, command line text editor. Prior to 9.2.0670, gettextprops in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textpropT entries that follow. The only check is a floor that guarantees room for a single...
CVE-2026-57456
Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim executes reconstructed function and class definitions from the current buffer with exec as part of populating the completion...
CVE-2026-55895
Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...
CVE-2026-55693
Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...
CVE-2026-55892 Vim: Out-of-bounds Write in Spell File Prefix Dump
Vim is an open source, command line text editor. Prior to 9.2.0662, the dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never check...
CVE-2026-55892
Vim is an open source, command line text editor. Prior to 9.2.0662, the dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never check...
CVE-2026-55892
Vim vulnerability CVE-2026-55892 affects Vim prior to 9.2.0662. The dump_prefixes() function in src/spell.c walks a spell-file prefix trie with a depth counter and indexes fixed MAXWLEN-element arrays (prefix[], arridx[], curi[]). The depth bound is the trie itself, not the array size, allowing a...
CVE-2026-55895 Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename
Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...
CVE-2026-57451
Vim is an open source, command line text editor. Prior to 9.2.0670, gettextprops in src/textprop.c reads a uint16 property count stored inline after a line's text and returns it as the number of 32-byte textpropT entries that follow. The only check is a floor that guarantees room for a single...
CVE-2026-57452 Vim: Out-of-bounds Read with libsodium-encrypted Files
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...
CVE-2026-57452
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...
EUVD-2026-39448
Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt04! or VimCrypt05! method xchacha20poly1305, requires the +sodium feature whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflo...
CVE-2026-57454
Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads th...
vim: Vim: Command injection allows arbitrary code execution via malicious tag files
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
vim: command injection when decompressing .tgz archives
A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...
CVE-2026-52858
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...
ALPINE-CVE-2026-52858
Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...
CVE-2026-47167
Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds with +ruby support. Step-definition patterns read from .rb files under the repository's...
UBUNTU-CVE-2026-52859
Vim is an open source, command line text editor. Prior to version 9.2.0565, the updatesnapshot function in src/terminal.c copies the visible terminal screen into the scrollback buffer when a snapshot is taken. For each screen cell it walks the cell's chars array with no upper bound, stopping only...