Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound and terminates only on the input NUL, writing one byte per input byte into the MAXWLEN-element stack buffer the caller provides. A word longer than MAXWLEN, passed to soundfold() (or reached via sound-based spell suggestion) while a SOFO-based spell language is active, therefore writes past the end of that buffer. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0698.
Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
Use After Free in GitHub repository vim/vim prior to 9.0.0882.
Vim is an open source, command line text editor. Prior to 9.2.0699, Vim's Python omni-completion (runtime/autoload/python3complete.vim and the legacy pythoncomplete.vim) executes reconstructed function and class definitions from the current buffer with exec() as part of populating the completion dictionary. When reconstructing that source, each scope's docstring is inserted verbatim between triple quotes with no escaping, so a hostile buffer can break out of the triple-quoted literal and execute attacker-controlled Python during omni-completion. This vulnerability is fixed in 9.2.0699.
Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.
Use After Free in GitHub repository vim/vim prior to 9.0.0789.
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
Use After Free in GitHub repository vim/vim prior to 9.0.0360.