Debian Vim vulnerabilities

236 known vulnerabilities affecting debian/vim.

Total CVEs: 236
CISA KEV: 0
Public exploits: 7
Exploited in wild: 0

Severity breakdown: CRITICAL 7 | HIGH 40 | MEDIUM 22 | LOW 167

Vulnerabilities

Page 2 of 12
CVE-2025-66476 | LOW | CVSS 7.8 | 2025 | debian
[HIGH] Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system

CVE-2025-9390 | LOW | CVSS 4.8 | fixed in vim 2:9.1.1829-1 (forky) | 2025 | debian
[MEDIUM] A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is

CVE-2025-1215 | LOW | CVSS 2.4 | fixed in vim 2:9.1.1113-1 (forky) | 2025 | debian
[LOW] A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc

CVE-2025-24014 | LOW | CVSS 4.2 | fixed in vim 2:9.1.1113-1 (forky) | 2025 | debian
[MEDIUM] Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function t

CVE-2025-9389 | LOW | CVSS 4.8 | 2025 | debian
[MEDIUM] A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears n

CVE-2025-55157 | LOW | CVSS 6.9 | 2025 | debian
[MEDIUM] Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, when processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vim’s internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory co

CVE-2025-27423 | LOW | CVSS 7.1 | fixed in vim 2:9.1.1230-1 (forky) | 2025 | debian
[HIGH] Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the filename is not sanitized and is taken literally from the tar archive. This allows

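The tar.vim entry above comes down to one thing: a member name taken from the archive is placed on an Ex command line (":read name") without escaping. A practical triage step for archives from untrusted sources is to list member names that the Ex command line would interpret rather than treat as a file name, before the archive is ever opened in an unpatched Vim. The script below is an added example and is not code from Vim, tar.vim or this tracker; the set of characters it flags (`|`, a leading `!`, backticks, `%`, `#`) is the editor's reading of Vim's command-line special characters, not a list from the advisory, and the sample archive is constructed inline.

```python
"""Pre-open triage for tar archives that will be viewed with Vim's tar.vim plugin.
Added example, not part of Vim or of this tracker: it flags member names that an
Ex ':read <name>' line would interpret rather than treat as a plain file name."""
import io
import tarfile

# Assumption (editor's, not from the advisory): characters Vim's command line
# gives special meaning to inside a file-name argument. '|' ends the command and
# starts another, a leading '!' turns :read into a shell filter, backticks run a
# command and substitute its output, '%' and '#' expand to buffer names.
EX_SPECIAL = set("|`%#")


def suspicious_member_names(tar_bytes):
    """Return [(member_name, [reason, ...]), ...] for every member whose name
    contains something the Ex command line would interpret."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            name = member.name
            reasons = []
            if name.lstrip().startswith("!"):
                reasons.append("leading '!'")
            special = sorted(EX_SPECIAL & set(name))
            if special:
                reasons.append("special characters: " + "".join(special))
            if reasons:
                findings.append((name, reasons))
    return findings


def build_tar(entries):
    """Build an uncompressed tar archive in memory from (name, bytes) pairs."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_tar():
    """Constructed sample archive: one ordinary member and two whose names
    would be mis-read by an unescaped ':read'. The names are illustrative."""
    return build_tar([
        ("chapter1.txt", b"plain text\n"),
        ("chapter1.txt|echo injected", b"also plain text\n"),
        ("!id", b"and more\n"),
    ])


if __name__ == "__main__":
    import sys
    # usage: script.py archive.tar   (no argument scans the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_tar()
    for name, reasons in suspicious_member_names(data):
        print(f"{name!r}: {'; '.join(reasons)}")
```

This is a screening aid, not a fix: the remediation is the upstream release named in the entry (9.1.1230, packaged for Debian as 2:9.1.1230-1 in forky per the line above), and an archive with a clean listing still warrants the usual care on an unpatched host.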
CVE-2024-22667 | HIGH | CVSS 7.8 | fixed in vim 2:9.0.1378-2+deb12u1 (bookworm) | 2024 | debian
[HIGH] Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.
Scope: local
  bookworm: resolved (fixed in 2:9.0.1378-2+deb12u1)
  bullseye: resolved (fixed in 2:8.2.2434-3+deb11u2)
  forky: resolved (fixed in 2:9.0.2189-1)
  sid: resolved (fixed in 2:9.0.218

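The per-release "fixed in" versions that entries like the one above carry are only useful if they are compared with the Debian version ordering (epoch, upstream version, Debian revision, with `~` sorting before everything and `+deb12u1` sorting after the plain revision). The script below is an added example, not tooling from this tracker or from Debian: it reimplements dpkg's comparison algorithm so an inventory of installed `vim` versions can be checked on hosts that do not have `dpkg --compare-versions` available, and its `FIXED_IN` table is filled from the Scope entries this page lists for CVE-2024-22667, CVE-2023-4752 and CVE-2023-0054 (only the releases the page shows). On a Debian host the installed version comes from `dpkg-query -W -f='${Version}' vim`.

```python
"""Compare an installed Debian vim version against the 'fixed in' versions listed
on this page. Added example; the comparison follows dpkg's algorithm (epoch,
then upstream, then revision, each split into digit and non-digit runs)."""
import sys

# Per-release fixed versions, copied from the Scope entries on this page.
# Only the releases the page shows for each CVE are included.
FIXED_IN = {
    "CVE-2024-22667": {"bullseye": "2:8.2.2434-3+deb11u2",
                       "bookworm": "2:9.0.1378-2+deb12u1",
                       "forky": "2:9.0.2189-1"},
    "CVE-2023-4752": {"bullseye": "2:8.2.2434-3+deb11u2",
                      "bookworm": "2:9.0.1378-2+deb12u1",
                      "trixie": "2:9.0.1894-1", "sid": "2:9.0.1894-1",
                      "forky": "2:9.0.1894-1"},
    "CVE-2023-0054": {"bullseye": "2:8.2.2434-3+deb11u2",
                      "bookworm": "2:9.0.1378-1",
                      "trixie": "2:9.0.1378-1", "sid": "2:9.0.1378-1",
                      "forky": "2:9.0.1378-1"},
}


def _order(c):
    """dpkg's character weight: '~' sorts before the end of the string,
    letters before non-letters, digits are handled numerically elsewhere."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    if c:
        return ord(c) + 256
    return 0          # end of string


def _char(s, i):
    return s[i] if i < len(s) else ""


def _verrevcmp(a, b):
    """Compare one version component (upstream or revision) the way dpkg does:
    alternate non-digit runs (by _order) and digit runs (numerically)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (_char(a, i) and not _char(a, i).isdigit()) or \
              (_char(b, j) and not _char(b, j).isdigit()):
            ac, bc = _order(_char(a, i)), _order(_char(b, j))
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while _char(a, i) == "0":      # leading zeros do not count
            i += 1
        while _char(b, j) == "0":
            j += 1
        while _char(a, i).isdigit() and _char(b, j).isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if _char(a, i).isdigit():       # longer digit run is the larger number
            return 1
        if _char(b, j).isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_debian_version(v):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, sep, revision = v.rpartition("-")
    if not sep:                         # no revision at all
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_debian_versions(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b under Debian ordering."""
    ea, ua, ra = parse_debian_version(a)
    eb, ub, rb = parse_debian_version(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def affected_cves(release, installed, table=FIXED_IN):
    """CVEs from the table whose fix for `release` is newer than `installed`.
    Releases the table has no entry for are reported as not affected."""
    return sorted(cve for cve, per_release in table.items()
                  if release in per_release
                  and compare_debian_versions(installed, per_release[release]) < 0)


if __name__ == "__main__":
    # usage: script.py <release> <installed-version>, e.g. bookworm 2:9.0.1378-2
    release, installed = sys.argv[1], sys.argv[2]
    for cve in affected_cves(release, installed):
        print(f"{cve}: {installed} < {FIXED_IN[cve][release]} (not fixed)")
```

Two details of the ordering matter for this page's data: the bookworm fix `2:9.0.1378-2+deb12u1` is newer than the original bookworm `2:9.0.1378-2` because `+` follows the end of the shorter revision, and a version with no epoch (`9.0.1378-2`) sorts below every `2:` version, so stripping the epoch from inventory data silently turns fixed hosts into "vulnerable" ones.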
CVE-2024-43802 | MEDIUM | CVSS 4.5 | fixed in vim 2:9.0.1378-2+deb12u1 (bookworm) | 2024 | debian
[MEDIUM] Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then

CVE-2024-41965 | LOW | CVSS 4.2 | fixed in vim 2:9.1.0698-1 (forky) | 2024 | debian
[MEDIUM] Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will fa

CVE-2024-47814 | LOW | CVSS 3.9 | fixed in vim 2:9.0.1378-2+deb12u1 (bookworm) | 2024 | debian
[LOW] Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some

CVE-2024-41957 | LOW | CVSS 4.5 | fixed in vim 2:9.1.0698-1 (forky) | 2024 | debian
[MEDIUM] Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in

CVE-2024-45306 | LOW | CVSS 4.5 | fixed in vim 2:9.1.0709-1 (forky) | 2024 | debian
[MEDIUM] Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor pos

CVE-2024-43790 | LOW | CVSS 4.5 | fixed in vim 2:9.1.0698-1 (forky) | 2024 | debian
[MEDIUM] Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains s

CVE-2024-43374 | LOW | CVSS 4.5 | fixed in vim 2:9.1.0698-1 (forky) | 2024 | debian
[MEDIUM] The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the a

CVE-2023-4752 | HIGH | CVSS 7.8 | fixed in vim 2:9.0.1378-2+deb12u1 (bookworm) | 2023 | debian
[HIGH] Use After Free in GitHub repository vim/vim prior to 9.0.1858.
Scope: local
  bookworm: resolved (fixed in 2:9.0.1378-2+deb12u1)
  bullseye: resolved (fixed in 2:8.2.2434-3+deb11u2)
  forky: resolved (fixed in 2:9.0.1894-1)
  sid: resolved (fixed in 2:9.0.1894-1)
  trixie: resolved (fixed in 2:9.0.1894-1)

CVE-2023-4738 | HIGH | CVSS 7.8 | fixed in vim 2:9.0.1378-2+deb12u1 (bookworm) | 2023 | debian
[HIGH] Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.
Scope: local
  bookworm: resolved (fixed in 2:9.0.1378-2+deb12u1)
  bullseye: resolved (fixed in 2:8.2.2434-3+deb11u2)
  forky: resolved (fixed in 2:9.0.1894-1)
  sid: resolved (fixed in 2:9.0.1894-1)
  trixie: resolved (fixed in 2:9.0.1894-1)

CVE-2023-2610 | HIGH | CVSS 7.8 | fixed in vim 2:9.0.1378-2+deb12u1 (bookworm) | 2023 | debian
[HIGH] Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
Scope: local
  bookworm: resolved (fixed in 2:9.0.1378-2+deb12u1)
  bullseye: resolved (fixed in 2:8.2.2434-3+deb11u2)
  forky: resolved (fixed in 2:9.0.1658-1)
  sid: resolved (fixed in 2:9.0.1658-1)
  trixie: resolved (fixed in 2:9.0.1658-1)

CVE-2023-4781 | HIGH | CVSS 7.8 | fixed in vim 2:9.0.1378-2+deb12u1 (bookworm) | 2023 | debian
[HIGH] Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
Scope: local
  bookworm: resolved (fixed in 2:9.0.1378-2+deb12u1)
  bullseye: resolved (fixed in 2:8.2.2434-3+deb11u2)
  forky: resolved (fixed in 2:9.0.1894-1)
  sid: resolved (fixed in 2:9.0.1894-1)
  trixie: resolved (fixed in 2:9.0.1894-1)

CVE-2023-0054 | HIGH | CVSS 7.8 | fixed in vim 2:9.0.1378-1 (bookworm) | 2023 | debian
[HIGH] Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
Scope: local
  bookworm: resolved (fixed in 2:9.0.1378-1)
  bullseye: resolved (fixed in 2:8.2.2434-3+deb11u2)
  forky: resolved (fixed in 2:9.0.1378-1)
  sid: resolved (fixed in 2:9.0.1378-1)
  trixie: resolved (fixed in 2:9.0.1378-1)