Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-45130

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-08 May, 2026 | 22:42
Updated At-08 May, 2026 | 22:42
Rejected At-
Credits

Vim: Heap Buffer Overflow in spell file loading

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:08 May, 2026 | 22:42
Updated At:08 May, 2026 | 22:42
Rejected At:
â–¼CVE Numbering Authority (CNA)
Vim: Heap Buffer Overflow in spell file loading

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.

Affected Products
Vendor
Vimvim
Product
vim
Versions
Affected
  • < 9.2.0450
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
CWECWE-190CWE-190: Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-190
Description: CWE-190: Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/vim/vim/security/advisories/GHSA-q4jv-r9gj-6cwv
x_refsource_CONFIRM
https://github.com/vim/vim/commit/92993329178cb1f72d700fff45ca86e1c2d369f8
x_refsource_MISC
https://github.com/vim/vim/releases/tag/v9.2.0450
x_refsource_MISC
Hyperlink: https://github.com/vim/vim/security/advisories/GHSA-q4jv-r9gj-6cwv
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/vim/vim/commit/92993329178cb1f72d700fff45ca86e1c2d369f8
Resource:
x_refsource_MISC
Hyperlink: https://github.com/vim/vim/releases/tag/v9.2.0450
Resource:
x_refsource_MISC
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:08 May, 2026 | 23:16
Updated At:08 May, 2026 | 23:16

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.6MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Type: Secondary
Version: 3.1
Base score: 6.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-122Primarysecurity-advisories@github.com
CWE-190Primarysecurity-advisories@github.com
CWE ID: CWE-122
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-190
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/vim/vim/commit/92993329178cb1f72d700fff45ca86e1c2d369f8security-advisories@github.com
N/A
https://github.com/vim/vim/releases/tag/v9.2.0450security-advisories@github.com
N/A
https://github.com/vim/vim/security/advisories/GHSA-q4jv-r9gj-6cwvsecurity-advisories@github.com
N/A
Hyperlink: https://github.com/vim/vim/commit/92993329178cb1f72d700fff45ca86e1c2d369f8
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/vim/vim/releases/tag/v9.2.0450
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/vim/vim/security/advisories/GHSA-q4jv-r9gj-6cwv
Source: security-advisories@github.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

83Records found
CVE-2022-2849
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.88%
||
7 Day CHG+0.01%
Published-17 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2021-3968
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8||HIGH
EPSS-0.79% / 74.02%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 11:40
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3973
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.36% / 58.04%
||
7 Day CHG~0.00%
Published-19 Nov, 2021 | 11:35
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-4019
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.1||HIGH
EPSS-0.27% / 50.52%
||
7 Day CHG+0.07%
Published-01 Dec, 2021 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3984
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.18% / 38.80%
||
7 Day CHG~0.00%
Published-01 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3903
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.37% / 58.75%
||
7 Day CHG~0.00%
Published-27 Oct, 2021 | 21:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3875
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.28%
||
7 Day CHG~0.00%
Published-15 Oct, 2021 | 13:40
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3927
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.23% / 45.57%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-Fedora ProjectVimDebian GNU/Linux
Product-vimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3872
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.44%
||
7 Day CHG-0.02%
Published-19 Oct, 2021 | 12:30
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3778
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.48%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-NetApp, Inc.Fedora ProjectVimDebian GNU/Linux
Product-ontap_select_deploy_administration_utilityvimdebian_linuxfedoravim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3770
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.6||HIGH
EPSS-0.29% / 52.65%
||
7 Day CHG~0.00%
Published-06 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

vim is vulnerable to Heap-based Buffer Overflow

Action-Not Available
Vendor-NetApp, Inc.VimFedora Project
Product-ontap_select_deploy_administration_utilityfedoravimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-2571
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.90%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 14:12
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.

Action-Not Available
Vendor-Vim
Product-vimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-2580
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.3||HIGH
EPSS-0.04% / 12.98%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 14:12
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.

Action-Not Available
Vendor-Vim
Product-vimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-2522
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.84%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 00:00
Updated-03 Aug, 2024 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.

Action-Not Available
Vendor-Vim
Product-vimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2023-48236
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-2.8||LOW
EPSS-0.04% / 11.80%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 22:47
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
overflow in get_number in vim

Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-48234
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-2.8||LOW
EPSS-0.04% / 11.67%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 22:52
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
overflow in nv_z_get_count in vim

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-4751
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.51%
||
7 Day CHG~0.00%
Published-03 Sep, 2023 | 18:54
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.

Action-Not Available
Vendor-VimApple Inc.
Product-macosvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-48235
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-2.8||LOW
EPSS-0.04% / 13.55%
||
7 Day CHG~0.00%
Published-16 Nov, 2023 | 22:50
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
overflow in ex address parsing in vim

Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-4734
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.85%
||
7 Day CHG~0.00%
Published-02 Sep, 2023 | 17:42
Updated-13 Feb, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in vim/vim

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

Action-Not Available
Vendor-VimApple Inc.
Product-macosvimvim/vim
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-46246
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4||MEDIUM
EPSS-0.01% / 2.01%
||
7 Day CHG~0.00%
Published-27 Oct, 2023 | 18:36
Updated-13 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow in :history command in Vim

Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.

Action-Not Available
Vendor-Vim
Product-vimvim
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-416
Use After Free
CVE-2022-2819
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.04% / 10.90%
||
7 Day CHG~0.00%
Published-15 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.

Action-Not Available
Vendor-Fedora ProjectVim
Product-fedoravimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-2125
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.8||HIGH
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-19 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-Fedora ProjectVimApple Inc.
Product-fedoramacosvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-43802
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.5||MEDIUM
EPSS-0.08% / 22.88%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 18:48
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697

Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.

Action-Not Available
Vendor-Vim
Product-vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-43790
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-4.5||MEDIUM
EPSS-0.06% / 18.47%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 21:23
Updated-18 Aug, 2025 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
heap-buffer-overflow in do_search() in Vim < 9.1.0689

Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.

Action-Not Available
Vendor-VimNetApp, Inc.
Product-vimbootstrap_oshci_compute_nodevim
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-3491
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4||MEDIUM
EPSS-0.02% / 5.15%
||
7 Day CHG~0.00%
Published-03 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.

Action-Not Available
Vendor-Vim
Product-vimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-0417
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-6
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.4||HIGH
EPSS-0.33% / 56.12%
||
7 Day CHG-0.02%
Published-01 Feb, 2022 | 00:00
Updated-03 Nov, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.

Action-Not Available
Vendor-VimFedora ProjectDebian GNU/Linux
Product-fedoradebian_linuxvimvim/vim
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-41666
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 3.12%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 05:56
Updated-03 May, 2026 | 22:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0.

Action-Not Available
Vendor-Samsung Open Source
Product-ONE
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-41667
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 3.12%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 05:57
Updated-03 May, 2026 | 22:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0.

Action-Not Available
Vendor-Samsung Open Source
Product-ONE
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-40450
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-6.6||MEDIUM
EPSS-0.02% / 4.56%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 05:53
Updated-03 May, 2026 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0.

Action-Not Available
Vendor-Samsung Open Source
Product-ONE
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-40449
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 3.12%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 05:51
Updated-03 May, 2026 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.

Action-Not Available
Vendor-Samsung Open Source
Product-ONE
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-41664
Matching Score-4
Assigner-Samsung TV & Appliance
ShareView Details
Matching Score-4
Assigner-Samsung TV & Appliance
CVSS Score-6.6||MEDIUM
EPSS-0.01% / 3.12%
||
7 Day CHG~0.00%
Published-22 Apr, 2026 | 05:54
Updated-22 Apr, 2026 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is prior to commit 1.30.0.

Action-Not Available
Vendor-Samsung Open Source
Product-ONE
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-3463
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.6||MEDIUM
EPSS-0.17% / 37.17%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 13:40
Updated-21 Oct, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GE Digital CIMPLICITY Heap-based Buffer Overflow

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code.

Action-Not Available
Vendor-geGE Digital
Product-cimplicityCIMPLICITY
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-21504
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.02% / 5.44%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 17:10
Updated-09 Jan, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Heap Buffer Overflow in iccDEV ToneMap Parser

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buffer overflow in the ToneMap parser. This issue has been patched in version 2.3.1.2.

Action-Not Available
Vendor-InternationalColorConsortiumInternational Color Consortium (ICC)
Product-iccdeviccDEV
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-193
Off-by-one Error
CWE ID-CWE-787
Out-of-bounds Write
  • Previous
  • 1
  • 2
  • Next
Details not found