CVE-2021-3236

A NULL pointer dereference vulnerability was found in Vim in the exbufferall function in the src/buffer.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash. Mitigation Do not r...

CVE-2023-3896

A flaw was found in Vim. When foldcolumn and smoothscrool are on, a divide by zero issue may occur in the scrollcursorbot function, causing a program crash. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

CVE-2023-2609

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

CVE-2023-2426

An out-of-range pointer offset vulnerability was found in Vim's mbcharlen function of the src/mbyte.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering the vulnerability that causes an application to crash, leading to a denial of service...

CVE-2023-1264

A NULL pointer dereference vulnerability was discovered in vim's utfcptr2len function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes a...

CVE-2023-0054

An out-of-bounds write flaw was found in Vim, in the dostringsub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vimregsub function when a specially crafted input is processed. This flaw allows an attacker who can...

CVE-2023-0051

A heap-based buffer overflow was found in Vim in the msgputsprintf function in the message.c file. The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into openi...

CVE-2022-4141

A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory...

CVE-2022-1725

A NULL pointer dereference vulnerability was found in Vim's vimregexecstring function of the src/regexp.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service. Mitigation Untrusted vim scrip...

CVE-2022-3297

A heap use-after-free vulnerability was found in Vim's processnextcptvalue function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' This flaw allows an attacker to trick a user into opening a specially craft...

CVE-2022-3016

A heap use-after-free vulnerability was found in vim's getnextvalidentry function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. This flaw allows an attacker to trick a user into opening a specially crafted file,...

CVE-2022-2522

A heap buffer overflow vulnerability was found in vim's inscomplinfercasegettext function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially crafted file,...

CVE-2022-2287

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

CVE-2022-2286

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

CVE-2022-2208

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. Mitigation Untrusted vim scripts with -s scriptin are not recommended to run...

CVE-2022-2042

A heap use-after-free vulnerability was found in Vim's skipwhite function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a...

CVE-2022-1735

A flaw was found in vim. The vulnerability occurs due to Illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s scriptin are not...

CVE-2022-1674

A NULL pointer dereference flaw was found in vim's vimregexecstring function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer...

CVE-2022-0685

A flaw was found in vim. The vulnerability occurs due to a crash when using a special multi-byte character and leads to an out-of-range vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution. Mitigation Untrusted vim scripts with -s...

CVE-2022-0696

A NULL pointer dereference flaw was found in vim's finducmd function of usercmd.c file. This flaw allows an attacker to trick a user into opening a crafted file, triggering a NULL pointer dereference. This issue leads to an application crash, causing a denial of service. Mitigation Untrusted vim...