MGASA-2026-0167 Updated vim packages fix security vulnerabilities

Heap Buffer Overflow in spell file loading affects Vim 9.2.0450. CVE-2026-45130 Vimscript Code Injection in netrw NetrwMarkFile via crafted filename affects Vim 9.2.0480. CVE-2026-43961 Command Injection in tar.vim affects Vim 9.2.0479. CVE-2026-46483 Vimscript Code Injection in netrw...

Vim: Heap Buffer Overflow in spell file loading

...

Linux Distros Unpatched Vulnerability : CVE-2026-45130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a...

CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in readcompound in src/spellfile.c when loading a crafted spell file .spl with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-b...