cbcvebase.
CVE-2007-2953
published 2007-07-31

CVE-2007-2953: Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to…

PriorityP432medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
4.18%
89.7th percentile
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.

Affected

9 ranges
VendorProductVersion rangeFixed in
debianvim< vim 1:7.1-056+1 (bookworm)vim 1:7.1-056+1 (bookworm)
vimvim>= 0 < 1:7.1-056+11:7.1-056+1
vimvim>= 0 < 1:7.1-056+11:7.1-056+1
vimvim>= 0 < 1:7.1-056+11:7.1-056+1
vimvim>= 0 < 1:7.1-056+11:7.1-056+1
vim_development_groupvim<= 6.4
vim_development_groupvim
vim_development_groupvim
vim_development_groupvim

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8LOW
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.