Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-431)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-431 advisory. Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function gagrowinner in in the file src/alloc.c at line 748, which is freed in the file...

Vim < 9.0.2068 Use After Free

Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function gagrowinner in in the file src/alloc.c at line 748, which is freed in the file src/exdocmd.c in the function docmdline at line 1010 and then used again in src/cmdhist.c at line 759...

Denial Of Service (DoS)

vim/vim is vulnerable to denial of service. The vulnerability exists in FEATEVAL function of exdocmd.c due to improper validations which allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash...

The vulnerability of the parse_cmd_address() function in the Vim text editor allows a hacker to execute arbitrary code.

The vulnerability of the parsecmdaddress function exdocmd.c in the Vim text editor is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVE-2022-2000

An out-of-bounds write vulnerability was found in Vim's appendcommand function of the src/exdocmd.c file. This issue occurs when an error for a command goes over the end of IObuff. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflo...

Out-of-bounds write in function append_command

Description Out-of-bounds write in function appendcommand at exdocmd.c:3447 vim version git log commit bfaa24f95343af9c058696644375d04e660f1b00 HEAD - master, tag: v8.2.5052, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S ./pocobw6s.dat -c :qa!...

CVE-2022-1616

A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in appendcommand of the src/exdocmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim...

Vim memory mis-reference vulnerability

Vim is a UNIX-based editor. vim is vulnerable to a memory mis-reference vulnerability in the exopen function in src/exdocmd.c, which could be exploited to cause a denial of service or code execution...

CVE-2021-3875

There's an out-of-bounds read flaw in Vim's exdocmd.c. An attacker who is capable of tricking a user into opening a specially crafted file could trigger an out-of-bounds read on a memmove operation, potentially causing an impact to application availability...