Vim Security Vulnerabilities and Issues — Vim CVE List

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

7.8CVSS7.9AI score0.00177EPSS

CVE•added 2021/12/01 10:15 a.m.•275 views

CVE-2021-4019

vim is vulnerable to Heap-based Buffer Overflow

7.8CVSS7.4AI score0.00113EPSS

CVE•added 2021/12/31 3:15 p.m.•270 views

CVE-2021-4192

vim is vulnerable to Use After Free

7.8CVSS7.1AI score0.00329EPSS

CVE•added 2021/12/01 11:15 a.m.•263 views

CVE-2021-3984

vim is vulnerable to Heap-based Buffer Overflow

7.8CVSS7.5AI score0.00223EPSS

CVE•added 2023/01/21 3:15 p.m.•256 views

CVE-2023-0433

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.

7.8CVSS7.8AI score0.00016EPSS

CVE•added 2022/04/18 1:15 a.m.•253 views

CVE-2022-1381

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

7.8CVSS8AI score0.00065EPSS

CVE•added 2023/01/04 4:15 p.m.•244 views

CVE-2023-0049

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.

7.8CVSS7.4AI score0.00017EPSS

CVE•added 2022/01/18 4:15 p.m.•231 views

CVE-2022-0261

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8CVSS8.8AI score0.00166EPSS

CVE•added 2022/01/26 12:15 p.m.•231 views

CVE-2022-0359

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8CVSS8AI score0.00084EPSS

CVE•added 2023/01/04 7:15 p.m.•228 views

CVE-2023-0054

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.

7.8CVSS7.3AI score0.00016EPSS

CVE•added 2023/01/13 4:15 p.m.•227 views

CVE-2023-0288

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.

7.8CVSS7.4AI score0.0003EPSS

CVE•added 2022/05/31 2:15 p.m.•225 views

CVE-2022-1942

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.7AI score0.0051EPSS

CVE•added 2021/12/25 7:15 p.m.•223 views

CVE-2021-4166

vim is vulnerable to Out-of-bounds Read

7.1CVSS8.1AI score0.00224EPSS

CVE•added 2022/01/28 10:15 p.m.•223 views

CVE-2022-0392

Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.

7.8CVSS7.9AI score0.00086EPSS

CVE•added 2022/05/27 3:15 p.m.•222 views

CVE-2022-1897

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.9AI score0.0044EPSS

CVE•added 2023/10/02 8:15 p.m.•221 views

CVE-2023-5344

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

7.5CVSS5.9AI score0.00062EPSS

CVE•added 2021/11/05 3:15 p.m.•220 views

CVE-2021-3927

vim is vulnerable to Heap-based Buffer Overflow

7.8CVSS7.5AI score0.0016EPSS

CVE•added 2022/06/19 7:15 p.m.•215 views

CVE-2022-2129

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.7AI score0.00101EPSS

CVE•added 2021/11/19 11:15 a.m.•214 views

CVE-2021-3974

vim is vulnerable to Use After Free

7.8CVSS7.4AI score0.00195EPSS

CVE•added 2023/01/04 6:15 p.m.•212 views

CVE-2023-0051

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.

7.8CVSS7.4AI score0.00018EPSS

CVE•added 2021/11/05 3:15 p.m.•211 views

CVE-2021-3928

vim is vulnerable to Use of Uninitialized Variable

7.8CVSS7.4AI score0.00056EPSS

CVE•added 2022/08/23 5:15 p.m.•208 views

CVE-2022-2946

Use After Free in GitHub repository vim/vim prior to 9.0.0246.

7.8CVSS7.7AI score0.00039EPSS

CVE•added 2023/09/04 2:15 p.m.•208 views

CVE-2023-4752

Use After Free in GitHub repository vim/vim prior to 9.0.1858.

7.8CVSS7.8AI score0.0004EPSS

CVE•added 2016/11/23 3:59 p.m.•205 views

CVE-2016-1248

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

7.8CVSS7.1AI score0.23182EPSS

CVE•added 2022/07/05 1:15 p.m.•203 views

CVE-2022-2304

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.

7.8CVSS7.8AI score0.00058EPSS

CVE•added 2022/05/08 11:15 a.m.•201 views

CVE-2022-1620

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.

7.5CVSS6.7AI score0.00068EPSS

CVE•added 2022/06/09 4:15 p.m.•194 views

CVE-2022-2000

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.7AI score0.00238EPSS

CVE•added 2022/09/03 4:15 p.m.•194 views

CVE-2022-3099

Use After Free in GitHub repository vim/vim prior to 9.0.0360.

7.8CVSS7.7AI score0.00043EPSS

CVE•added 2022/09/22 1:15 p.m.•193 views

CVE-2022-3256

Use After Free in GitHub repository vim/vim prior to 9.0.0530.

7.8CVSS7.8AI score0.00054EPSS

CVE•added 2022/10/26 8:15 p.m.•193 views

CVE-2022-3705

A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to ad...

7.5CVSS6.7AI score0.00194EPSS

CVE•added 2022/07/02 4:15 p.m.•192 views

CVE-2022-2285

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.

7.8CVSS7.8AI score0.00171EPSS

CVE•added 2022/11/25 2:15 p.m.•192 views

CVE-2022-4141

Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.

7.8CVSS7.6AI score0.0003EPSS

CVE•added 2022/01/26 6:15 p.m.•191 views

CVE-2022-0368

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

7.8CVSS6.8AI score0.00142EPSS

CVE•added 2021/12/06 12:15 p.m.•190 views

CVE-2021-4069

vim is vulnerable to Use After Free

7.8CVSS7.4AI score0.00202EPSS

CVE•added 2022/09/27 11:15 p.m.•187 views

CVE-2022-3324

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.

7.8CVSS7.8AI score0.00045EPSS

CVE•added 2022/05/29 2:15 p.m.•184 views

CVE-2022-1927

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

7.8CVSS7.9AI score0.00093EPSS

CVE•added 2022/05/10 2:15 p.m.•182 views

CVE-2022-1629

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution

7.8CVSS7.5AI score0.00501EPSS

CVE•added 2022/12/05 7:15 p.m.•182 views

CVE-2022-4292

Use After Free in GitHub repository vim/vim prior to 9.0.0882.

7.8CVSS8.7AI score0.00322EPSS

Total number of security vulnerabilities126