7 matches found
CVE-2026-57455
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spellsoundfoldsofo in src/spell.c translates a word through a spell file's SOFO sound-folding byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound an...
EUVD-2026-39437
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spellsoundfoldsofo in src/spell.c translates a word through a spell file's SOFO sound-folding byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound an...
PT-2026-52480
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0698 Description A stack out-of-bounds write occurs in the single-byte branch of the spell soundfold sofo function within src/spell.c. When a SOFO-based spell language is active, the copy loop translates a word using ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crashing when dealing with very long words. In cases where a console is set up to handle very large data, containing words that are truly long 256 characters, we need to stop processing before reaching the length o...
Linux Distros Unpatched Vulnerability : CVE-2024-26994
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - speakup: Avoid crash on very long word In case a console is set up really large and contains a really long word 256 characters, we have to stop before the lengt...
SUSE CVE-2024-26994
In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word In case a console is set up really large and contains a really long word 256 characters, we have to stop before the length of the word buffer...
FreeBSD : bogofilter -- heap corruption through excessively long words (b747b2a9-7be0-11da-8ec4-0002b3b60e4c)
Matthias Andree reports : Bogofilter's/bogolexer's input handling in version 0.96.2 was not keeping track of its output buffers properly and could overrun a heap buffer if the input contained words whose length exceeded 16,384 bytes, the size of flex's input buffer. A 'word' here refers to a...