468 matches found
OESA-2026-2862 vim security update
Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...
Vim < 9.2.0662 Stack Out-of-Bounds Write (GHSA-qm9w-fmpj-879h)
The version of Vim installed on the remote host is prior to 9.2.0662. It is, therefore, affected by a vulnerability. - The dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded...
Vim < 9.2.0653 Stack Out-of-Bounds Write (GHSA-wgh4-64f7-q3jq)
The version of Vim installed on the remote host is prior to 9.2.0653. It is, therefore, affected by a vulnerability. - The treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded onl...
CVE-2026-57455
A memory corruption flaw in Vim allows an attacker to cause a Denial of Service DoS. When a SOFO-based spell language is active, providing an excessively long word to the spell checker triggers a stack out-of-bounds write in the spellsoundfoldsofo function, causing the editor to crash. Mitigation...
Linux Distros Unpatched Vulnerability : CVE-2026-57455
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spellsoundfoldsofo in src/spell.c translates a word through a spel...
CVE-2026-55892
A flaw was found in Vim, an open-source command-line text editor. A remote attacker could exploit this vulnerability by convincing a user to load a specially crafted spell file. This malicious file can trigger a stack out-of-bounds write, which corrupts the editor's memory and causes it to crash...
CVE-2026-55693
Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...
CVE-2026-55693
Vim prior to 9.2.0653 is affected by a stack-out-of-bounds write in tree_count_words() (src/spellfile.c) when loading crafted .spl/.sug files for spell suggestions. The depth counter can exceed the fixed MAXWLEN-element stacks (arridx[], curi[], wordcount[]), causing writes past array bounds, cor...
CVE-2026-55693
Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...
CVE-2026-55693 Vim: Out-of-bounds Write in Spell File Word Count
Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...
CVE-2026-55693
Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...
CVE-2026-55892
Vim is an open source, command line text editor. Prior to 9.2.0662, the dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never check...
CVE-2026-55892
Vim vulnerability CVE-2026-55892 affects Vim prior to 9.2.0662. The dump_prefixes() function in src/spell.c walks a spell-file prefix trie with a depth counter and indexes fixed MAXWLEN-element arrays (prefix[], arridx[], curi[]). The depth bound is the trie itself, not the array size, allowing a...
CVE-2026-55892 Vim: Out-of-bounds Write in Spell File Prefix Dump
Vim is an open source, command line text editor. Prior to 9.2.0662, the dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never check...
CVE-2026-55892
Vim is an open source, command line text editor. Prior to 9.2.0662, the dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never check...
CVE-2026-57455
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spellsoundfoldsofo in src/spell.c translates a word through a spell file's SOFO sound-folding byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound an...
CVE-2026-57455
Vim (open source editor) prior to version 9.2.0698 is affected by a stack out-of-bounds write in spell_soundfold_sofo() (src/spell.c). The single-byte branch translates a word through a SOFO byte map into a caller-owned result buffer; the copy loop advances the output index with no upper bound an...
CVE-2026-57455 Vim: Stack out-of-bounds write in `spell_soundfold_sofo()` via an over-length `soundfold()` argument
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spellsoundfoldsofo in src/spell.c translates a word through a spell file's SOFO sound-folding byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound an...
PT-2026-52472
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0653 Description The tree count words function in src/spellfile.c fails to validate a depth counter against the size of fixed MAXWLEN-element stack arrays, specifically arridx, curi, and wordcount. A specially crafted...
PT-2026-52480
Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0698 Description A stack out-of-bounds write occurs in the single-byte branch of the spell soundfold sofo function within src/spell.c. When a SOFO-based spell language is active, the copy loop translates a word using ...