A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.
Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.
Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound and terminates only on the input NUL, writing one byte per input byte into the MAXWLEN-element stack buffer the caller provides. A word longer than MAXWLEN, passed to soundfold() (or reached via sound-based spell suggestion) while a SOFO-based spell language is active, therefore writes past the end of that buffer. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0698.
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (arridx[], curi[], wordcount[]). A crafted .spl/.sug file pair, loaded when the user invokes spell suggestion, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0653.
Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (prefix[], arridx[], curi[]). A crafted .spl file, loaded when the user dumps the word list, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0662.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
vim is vulnerable to Heap-based Buffer Overflow