Vim Security Vulnerabilities and Issues — Page 3 of Vim CVE List

Lucene search

VimVim

212 matches found

CVE•added 2022/02/10 10:15 p.m.•156 views

CVE-2022-0554

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.

8.4CVSS8.2AI score0.00294EPSS

CVE•added 2022/05/08 10:15 a.m.•156 views

CVE-2022-1619

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution

7.8CVSS7.3AI score0.00387EPSS

CVE•added 2023/10/11 8:15 p.m.•155 views

CVE-2023-5535

Use After Free in GitHub repository vim/vim prior to v9.0.2010.

7.8CVSS7.7AI score0.00023EPSS

CVE•added 2022/05/19 1:15 p.m.•154 views

CVE-2022-1785

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.

7.8CVSS7.6AI score0.00033EPSS

CVE•added 2022/01/10 4:15 p.m.•152 views

CVE-2022-0156

vim is vulnerable to Use After Free

6.8CVSS6.3AI score0.00123EPSS

CVE•added 2022/06/27 12:15 p.m.•152 views

CVE-2022-2207

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.8AI score0.00114EPSS

CVE•added 2022/12/03 1:15 p.m.•152 views

CVE-2022-3491

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.

7.8CVSS5.8AI score0.00018EPSS

CVE•added 2023/01/30 4:15 p.m.•152 views

CVE-2023-0512

Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.

7.8CVSS7.3AI score0.00013EPSS

CVE•added 2019/12/30 1:15 a.m.•151 views

CVE-2019-20079

The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.

7.8CVSS7.5AI score0.00194EPSS

CVE•added 2022/06/19 12:15 p.m.•150 views

CVE-2022-2125

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.8AI score0.00153EPSS

CVE•added 2022/07/08 10:15 p.m.•150 views

CVE-2022-2345

Use After Free in GitHub repository vim/vim prior to 9.0.0046.

7.8CVSS7.8AI score0.00036EPSS

CVE•added 2022/01/21 2:15 p.m.•148 views

CVE-2022-0319

Out-of-bounds Read in vim/vim prior to 8.2.

5.5CVSS6.8AI score0.00106EPSS

CVE•added 2022/09/29 12:15 p.m.•148 views

CVE-2022-3352

Use After Free in GitHub repository vim/vim prior to 9.0.0614.

7.8CVSS7.8AI score0.00021EPSS

CVE•added 2023/10/05 9:15 p.m.•148 views

CVE-2023-5441

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

6.2CVSS6.4AI score0.00019EPSS

CVE•added 2022/12/02 5:15 p.m.•144 views

CVE-2022-3591

Use After Free in GitHub repository vim/vim prior to 9.0.0789.

7.8CVSS7.7AI score0.00075EPSS

CVE•added 2024/02/05 8:15 a.m.•144 views

CVE-2024-22667

Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.

7.8CVSS7.7AI score0.00179EPSS

CVE•added 2021/11/19 12:15 p.m.•143 views

CVE-2021-3968

vim is vulnerable to Heap-based Buffer Overflow

8.5CVSS7.7AI score0.0031EPSS

CVE•added 2022/04/21 11:15 a.m.•142 views

CVE-2022-1420

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

6.8CVSS6.5AI score0.00058EPSS

CVE•added 2022/05/12 11:15 a.m.•142 views

CVE-2022-1674

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.

6.6CVSS6.1AI score0.00113EPSS

CVE•added 2022/05/27 9:15 a.m.•142 views

CVE-2022-1898

Use After Free in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.8AI score0.00187EPSS

CVE•added 2022/08/25 8:15 p.m.•141 views

CVE-2022-2980

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.

6.3CVSS6.4AI score0.00041EPSS

CVE•added 2022/03/30 7:15 p.m.•139 views

CVE-2022-1160

heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.

7.8CVSS7.6AI score0.00115EPSS

CVE•added 2022/05/25 1:15 p.m.•139 views

CVE-2022-1851

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.7AI score0.0011EPSS

CVE•added 2022/05/17 7:15 p.m.•138 views

CVE-2022-1735

Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.

7.8CVSS7AI score0.0017EPSS

CVE•added 2022/06/27 1:15 p.m.•137 views

CVE-2022-2208

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.

7.8CVSS6.5AI score0.00062EPSS

CVE•added 2022/08/30 9:15 p.m.•137 views

CVE-2022-3037

Use After Free in GitHub repository vim/vim prior to 9.0.0322.

7.8CVSS7.7AI score0.00044EPSS

CVE•added 2022/09/06 8:15 p.m.•137 views

CVE-2022-3134

Use After Free in GitHub repository vim/vim prior to 9.0.0389.

7.8CVSS7.7AI score0.00033EPSS

CVE•added 2022/12/05 7:15 p.m.•137 views

CVE-2022-4293

Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.

6.8CVSS6.8AI score0.00133EPSS

CVE•added 2022/06/20 3:15 p.m.•136 views

CVE-2022-1720

Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.

7.8CVSS7AI score0.00595EPSS

CVE•added 2022/06/26 7:15 p.m.•136 views

CVE-2022-2206

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.7AI score0.00108EPSS

CVE•added 2022/05/19 4:15 p.m.•134 views

CVE-2022-1796

Use After Free in GitHub repository vim/vim prior to 8.2.4979.

7.8CVSS7AI score0.00061EPSS

CVE•added 2022/01/10 4:15 p.m.•132 views

CVE-2022-0158

vim is vulnerable to Heap-based Buffer Overflow

6.8CVSS5.4AI score0.00131EPSS

CVE•added 2022/01/28 10:15 p.m.•132 views

CVE-2022-0393

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

8.4CVSS7.2AI score0.00063EPSS

CVE•added 2022/06/19 1:15 p.m.•130 views

CVE-2022-2126

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.8AI score0.00097EPSS

CVE•added 2023/11/16 11:15 p.m.•130 views

CVE-2023-48231

Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit 25aabc2b which has been included in release version 9.0....

4.3CVSS5.1AI score0.00052EPSS

CVE•added 2021/09/06 12:15 p.m.•128 views

CVE-2021-3770

vim is vulnerable to Heap-based Buffer Overflow

8.6CVSS7.6AI score0.00131EPSS

CVE•added 2023/11/16 11:15 p.m.•128 views

CVE-2023-48233

Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in com...

4.3CVSS4.8AI score0.00053EPSS

CVE•added 2022/08/25 8:15 p.m.•127 views

CVE-2022-2982

Use After Free in GitHub repository vim/vim prior to 9.0.0260.

7.8CVSS7.6AI score0.00046EPSS

CVE•added 2023/01/20 7:15 p.m.•127 views

CVE-2022-47024

A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.

7.8CVSS7.2AI score0.00039EPSS

CVE•added 2025/02/12 7:15 p.m.•126 views

CVE-2025-1215

A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able ...

7.8CVSS4AI score0.00112EPSS

CVE•added 2017/02/27 7:59 a.m.•125 views

CVE-2017-6349

An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

9.8CVSS8.6AI score0.00623EPSS

CVE•added 2022/06/27 4:15 p.m.•125 views

CVE-2022-2210

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.7AI score0.00114EPSS

CVE•added 2022/01/30 2:15 p.m.•124 views

CVE-2022-0407

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8CVSS6.4AI score0.00074EPSS

CVE•added 2017/07/08 5:29 p.m.•123 views

CVE-2017-11109

Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.

7.8CVSS6.7AI score0.00281EPSS

CVE•added 2022/09/08 3:15 p.m.•123 views

CVE-2022-3153

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.

6.1CVSS6.3AI score0.00036EPSS

CVE•added 2017/02/27 7:59 a.m.•121 views

CVE-2017-6350

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

9.8CVSS8.6AI score0.00774EPSS

CVE•added 2022/05/18 8:15 p.m.•121 views

CVE-2022-1771

Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.

5.5CVSS6.4AI score0.00082EPSS

CVE•added 2023/03/03 11:15 p.m.•121 views

CVE-2023-1170

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.

7.3CVSS7AI score0.00051EPSS

CVE•added 2022/05/17 5:15 p.m.•120 views

CVE-2022-1769

Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.