64 matches found
Vim < 9.2.0450 Heap Buffer Overflow (GHSA-q4jv-r9gj-6cwv)
The version of Vim installed on the remote host is prior to 9.2.0450. It is, therefore, affected by a vulnerability as referenced in the GHSA-q4jv-r9gj-6cwv advisory. - An integer overflow in the readcompound function within src/spellfile.c produces a heap buffer overflow when processing maliciou...
CVE-2026-45130
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...
UBUNTU-CVE-2026-45130
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...
PT-2026-29480
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.2.0276. Description: Vim is susceptible to remote code execution through maliciously crafted "modelines" that can bypass sandboxes. This allows for the execution of commands. Recommendations: Update to version 9.2.0276 or...
EUVD-2002-1361
Malware in sbrugna...
SUSE CVE-2005-2368
vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels...
SUSE CVE-2007-2438
The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines...
openSUSE Security Update : pacemaker (openSUSE-2020-1825)
This update for pacemaker fixes the following issues : - executor: restrict certain IPC requests to Pacemaker daemons (CVE-2020-25654, bsc#1177916) - extra: add vim modelines to agents - extra: quote shell variables in agent code where appropriate (bsc#1175557) - extra: remove trailing whitespace from...
vim/neovim: ':source!' command allows arbitrary command execution via modelines
It was found that the :source! command was not restricted by the sandbox mode. If modeline was explicitly enabled, opening a specially crafted text file in vim could result in arbitrary command execution...
Oracle Linux 6 : vim (ELSA-2019-1774)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-1774 advisory. - 1724045 - fix CVE-2019-12735 (the :source! command allows arbitrary command execution via the modeline). Tenable has extracted the preceding description block...
Important: Red Hat Security Advisory: vim security update
An update for vim is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Scientific Linux Security Update : vim on SL6.x i386/x86_64 (20190715)
Security Fixes : - vim/neovim: ':source!' command allows arbitrary command execution via modelines (CVE-2019-12735)...
vim security update
CentOS Errata and Security Advisory CESA-2019:1619. An update for vim is now available for Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whic...
RHEL 7 / 8 : vim (RHSA-2019:1619)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:1619 advisory. Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fixes: vim/neovim: ':source!' command allows arbitrary command...
Your Linux Can Get Hacked Just by Opening a File in Vim or Neovim Editor
Linux users, beware! If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command executio...