
21 matches found

OSV
added 2026/05/19 12:24 p.m. · 4 views

CLSA-2026-1779183103 vim: Fix of 6 CVEs

CVE-2021-3903: do not set VALID_BOTLINE in update_topline when screen is invalid - CVE-2022-1616: tighten append_command loop bound + pre-write length check to avoid buffer overflow with composing chars - CVE-2022-2042: initialize attr in spell_move_to and capture emptyline before ml_get_buf invalidates...

CVSS 8.4 · AI score 7.3 · EPSS 0.01219
Exploits 6 · References 1

Tenable Nessus
added 2025/10/07 12:0 a.m. · 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: vim (UTSA-2025-986169)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986169 advisory. A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd...

CVSS 7.5 · AI score 5.3 · EPSS 0.00451
Exploits 0 · References 4

SUSE CVE
added 2024/08/06 2:0 a.m. · 1 view

SUSE CVE-2024-41957

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

CVSS 5.3 · AI score 7.3 · EPSS 0.00124
Exploits 0 · References 3

NVD
added 2024/08/01 10:15 p.m. · 16 views

CVE-2024-41957

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

CVSS 5.3 · EPSS 0.00124
Exploits 0 · References 5

OSV
added 2024/08/01 10:15 p.m. · 1 view

ALPINE-CVE-2024-41957

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

CVSS 5.3 · AI score 7.6 · EPSS 0.00124
Exploits 0 · References 1

OSV
added 2024/08/01 10:15 p.m. · 1 view

AZL-47388 CVE-2024-41957 affecting package vim for versions less than 9.0.2190-4

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

CVSS 5.3 · AI score 6.4 · EPSS 0.00124
Exploits 0 · References 1

OSV
added 2024/08/01 10:15 p.m. · 3 views

AZL-47340 CVE-2024-41957 affecting package vim for versions less than 9.0.2121-4

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

CVSS 5.3 · AI score 6.4 · EPSS 0.00124
Exploits 0 · References 1

OSV
added 2024/08/01 10:15 p.m. · 0 views

UBUNTU-CVE-2024-41957

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

CVSS 5.3 · AI score 6.7 · EPSS 0.00124
Exploits 0 · References 4

Cvelist
added 2024/08/01 9:41 p.m. · 19 views

CVE-2024-41957 Vim double free in src/alloc.c:616

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

CVSS 4.5 · EPSS 0.00124
Exploits 0 · References 2

Vulnrichment
added 2024/08/01 9:41 p.m. · 26 views

CVE-2024-41957 Vim double free in src/alloc.c:616

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

CVSS 4.5 · AI score 6.9 · EPSS 0.00124
Exploits 0 · References 2

OSV
added 2024/08/01 9:41 p.m. · 20 views

CVE-2024-41957 Vim double free in src/alloc.c:616

Vim is an open source command line text editor. Vim v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points...

CVSS 4.5 · AI score 5.1 · EPSS 0.00124
Exploits 0 · References 7

Positive Technologies
added 2024/08/01 12:0 a.m. · 1 view

PT-2024-5765 · Vim +6

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.0647 Description: The issue exists due to a double-free error in the src/alloc.c file, specifically in the tagstack clear entry function. When a window is closed, the corresponding tagstack data is cleared and freed...

CVSS 5.5 · AI score 4.8 · EPSS 0.00124
Exploits 0 · References 54

SUSE CVE
added 2023/02/15 3:30 a.m. · 1 view

SUSE CVE-2022-3705

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to...

CVSS 5 · AI score 8.5 · EPSS 0.00451
Exploits 0 · References 27

Tenable Nessus
added 2023/02/10 12:0 a.m. · 33 views

EulerOS 2.0 SP10 : vim (EulerOS-SA-2023-1375)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the...

CVSS 7.8 · AI score 5.6 · EPSS 0.00451
Exploits 1 · References 3

OSV
added 2022/11/04 11:4 a.m. · 1 view

OESA-2022-2043 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

CVSS 7.5 · AI score 6.8 · EPSS 0.00451
Exploits 0 · References 2

Microsoft CVE
added 2022/10/29 7:0 a.m. · 1 view

vim autocmd quickfix.c qf_update_buffer use after free

...

CVSS 7.5 · AI score 6.7 · EPSS 0.00451
Exploits 0

OSV
added 2022/10/26 8:15 p.m. · 0 views

UBUNTU-CVE-2022-3705

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to...

CVSS 7.5 · AI score 5.5 · EPSS 0.00451
Exploits 0 · References 5

Positive Technologies
added 2022/10/26 12:0 a.m. · 0 views

PT-2022-5349 · Vim +8

Name of the Vulnerable Software and Affected Versions: vim versions prior to 9.0.0805 Description: A vulnerability was found in the function qf_update_buffer of the file quickfix.c of the component autocmd Handler, which leads to use after free. The attack may be launched remotely, potentially...

CVSS 9.8 · AI score 7.5 · EPSS 0.15939
Exploits 123 · References 604

Openbugbounty
added 2020/06/04 1:1 p.m. · 8 views

quickfix-j.364392.n2.nabble.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1183786 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

AI score 6.1
Exploits 0

0day.today
added 2015/09/19 12:0 a.m. · 33 views

ElasticSearch 1.7.2 Cloud-Azure Insecure Transit Vulnerability

The connection string for ELK cloud-azure plugin contains hardcoded http url with the lack of encryption and certificate validation, therefore it is prone to sniffing and MiTM attacks. A potential attacker with the required access to the network traffic would be able to intercept the content of t...

AI score 6.9
Exploits 0