Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
Use After Free in GitHub repository vim/vim prior to 8.2.
vim is vulnerable to Out-of-bounds Read
vim is vulnerable to Use After Free
vim is vulnerable to Use After Free
vim is vulnerable to Use After Free
vim is vulnerable to Use After Free
Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.
Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.
vim is vulnerable to Use After Free
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.
Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never checked against the size of the fixed MAXWLEN-element stack arrays it indexes (prefix[], arridx[], curi[]). A crafted .spl file, loaded when the user dumps the word list, can drive the descent arbitrarily deep, so the function writes past the end of those arrays. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0662.
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
Heap-based Buffer Overflow in vim/vim prior to 8.2.
vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.
vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
vim is vulnerable to Heap-based Buffer Overflow
A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW in InitCPUInformation() that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Out of bounds write vulnerability due to improper bounds checking in NI LabVIEW reading CPU info from cache that may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI. This vulnerability affects NI LabVIEW 2025 Q1 and prior versions.
A maliciously crafted X_B file when parsed through Autodesk Maya 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.
Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Substance3D - Sampler versions 4.5.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.