Vim Security Vulnerabilities and Issues — Page 2 of Vim CVE List

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

7.8CVSS7.1AI score0.23182EPSS

CVE•added 2022/07/05 1:15 p.m.•201 views

CVE-2022-2304

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.

7.8CVSS7.8AI score0.00063EPSS

CVE•added 2022/12/02 7:15 p.m.•200 views

CVE-2022-3520

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.

9.8CVSS8.7AI score0.00072EPSS

CVE•added 2022/02/17 12:15 p.m.•199 views

CVE-2022-0629

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

8.4CVSS8.2AI score0.01684EPSS

CVE•added 2022/05/08 11:15 a.m.•199 views

CVE-2022-1620

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.

7.5CVSS6.7AI score0.00068EPSS

CVE•added 2022/01/26 1:15 p.m.•193 views

CVE-2022-0361

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

8.4CVSS8.8AI score0.00108EPSS

CVE•added 2022/02/21 8:15 p.m.•193 views

CVE-2022-0696

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.

6.2CVSS6.4AI score0.00151EPSS

CVE•added 2022/09/03 4:15 p.m.•193 views

CVE-2022-3099

Use After Free in GitHub repository vim/vim prior to 9.0.0360.

7.8CVSS7.7AI score0.00054EPSS

CVE•added 2022/01/25 6:15 p.m.•192 views

CVE-2022-0351

Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.

8.4CVSS8.8AI score0.00036EPSS

CVE•added 2022/06/09 4:15 p.m.•192 views

CVE-2022-2000

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.7AI score0.00334EPSS

CVE•added 2022/09/22 1:15 p.m.•191 views

CVE-2022-3256

Use After Free in GitHub repository vim/vim prior to 9.0.0530.

7.8CVSS7.8AI score0.00054EPSS

CVE•added 2022/01/26 6:15 p.m.•190 views

CVE-2022-0368

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

7.8CVSS6.8AI score0.00142EPSS

CVE•added 2022/07/02 4:15 p.m.•190 views

CVE-2022-2285

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.

7.8CVSS7.8AI score0.00171EPSS

CVE•added 2022/10/26 8:15 p.m.•190 views

CVE-2022-3705

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to ad...

7.5CVSS6.7AI score0.00194EPSS

CVE•added 2022/11/25 2:15 p.m.•190 views

CVE-2022-4141

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

7.8CVSS7.6AI score0.0003EPSS

CVE•added 2021/12/06 12:15 p.m.•188 views

CVE-2021-4069

vim is vulnerable to Use After Free

7.8CVSS7.4AI score0.00202EPSS

CVE•added 2022/09/27 11:15 p.m.•185 views

CVE-2022-3324

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.

7.8CVSS7.8AI score0.00045EPSS

CVE•added 2022/05/29 2:15 p.m.•181 views

CVE-2022-1927

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.9AI score0.00093EPSS

CVE•added 2021/12/19 5:15 p.m.•179 views

CVE-2021-4136

vim is vulnerable to Heap-based Buffer Overflow

7.8CVSS8.3AI score0.00154EPSS

CVE•added 2022/12/05 7:15 p.m.•179 views

CVE-2022-4292

Use After Free in GitHub repository vim/vim prior to 9.0.0882.

7.8CVSS8.7AI score0.00322EPSS

CVE•added 2022/05/10 2:15 p.m.•178 views

CVE-2022-1629

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution

7.8CVSS7.5AI score0.00501EPSS

CVE•added 2023/08/07 1:15 p.m.•174 views

CVE-2023-3896

Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3

7.8CVSS5.5AI score0.00374EPSS

CVE•added 2017/02/10 7:59 a.m.•171 views

CVE-2017-5953

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

9.8CVSS8.7AI score0.01292EPSS

CVE•added 2022/05/07 7:15 p.m.•171 views

CVE-2022-1616

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

7.8CVSS7.9AI score0.00119EPSS

CVE•added 2022/06/02 2:15 p.m.•170 views

CVE-2022-1968

Use After Free in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.7AI score0.00129EPSS

CVE•added 2022/09/23 10:15 p.m.•169 views

CVE-2022-3278

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.

6.8CVSS6.3AI score0.00038EPSS

CVE•added 2022/01/06 5:15 p.m.•166 views

CVE-2022-0128

vim is vulnerable to Out-of-bounds Read