SUSE-SU-2026:21859-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...

CLSA-2026-1779496075 vim: Fix of CVE-2026-45130

CVE-2026-45130: fix heap buffer overflow in readcompound in src/spellfile.c...

CVE-2026-45130

A flaw was found in Vim, an open-source command-line text editor. A heap buffer overflow exists in the readcompound function when processing a specially crafted spell file .spl with UTF-8 encoding active. A remote attacker could exploit this by convincing a user to open a text file containing a...

Vim < 9.2.0450 Heap Buffer Overflow (GHSA-q4jv-r9gj-6cwv)

The version of Vim installed on the remote host is prior to 9.2.0450. It is, therefore, affected by a vulnerability as referenced in the GHSA-q4jv-r9gj-6cwv advisory. - An integer overflow in the readcompound function within src/spellfile.c produces a heap buffer overflow when processing maliciou...

SUSE CVE-2026-45130

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

CVE-2026-45130

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

EUVD-2026-28871

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...

EUVD-2026-24835

In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2len with offsetof in smb2calcmaxoutbuflen After this commit e2b76ab8b5c9 "ksmbd: add support for read compound", response buffer management was changed to use dynamic iov array. In the new design,...