Filtered by vendor Vim
Subscriptions
Total
210 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-3432 | 2 Redhat, Vim | 2 Enterprise Linux, Vim | 2025-04-09 | N/A |
| Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case. | ||||
| CVE-2008-3075 | 2 Redhat, Vim | 3 Enterprise Linux, Vim, Zipplugin.vim | 2025-04-09 | N/A |
| The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier. | ||||
| CVE-2008-4101 | 2 Redhat, Vim | 2 Enterprise Linux, Vim | 2025-04-09 | N/A |
| Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument after a (2) "Ctrl-]" (control close-square-bracket) or (3) "g]" (g close-square-bracket) keystroke sequence, a different issue than CVE-2008-2712. | ||||
| CVE-2023-0288 | 1 Vim | 1 Vim | 2025-04-07 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. | ||||
| CVE-2022-47024 | 2 Redhat, Vim | 2 Enterprise Linux, Vim | 2025-04-03 | 7.8 High |
| A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. | ||||
| CVE-2023-0433 | 1 Vim | 1 Vim | 2025-04-02 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. | ||||
| CVE-2023-0512 | 1 Vim | 1 Vim | 2025-03-31 | 7.8 High |
| Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. | ||||
| CVE-2025-24014 | 1 Vim | 1 Vim | 2025-03-14 | 4.2 Medium |
| Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043. | ||||
| CVE-2025-22134 | 1 Vim | 1 Vim | 2025-03-14 | 4.2 Medium |
| When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003 | ||||
| CVE-2023-1170 | 1 Vim | 1 Vim | 2025-03-07 | 6.6 Medium |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. | ||||
| CVE-2023-1127 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-03-07 | 7.8 High |
| Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | ||||
| CVE-2023-1175 | 1 Vim | 1 Vim | 2025-03-06 | 6.6 Medium |
| Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. | ||||
| CVE-2023-1264 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-03-06 | 5.5 Medium |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | ||||
| CVE-2023-1355 | 1 Vim | 1 Vim | 2025-02-27 | 5.5 Medium |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. | ||||
| CVE-2023-46246 | 1 Vim | 1 Vim | 2025-02-13 | 4 Medium |
| Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. | ||||
| CVE-2023-5535 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-02-13 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to v9.0.2010. | ||||
| CVE-2023-5441 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-02-13 | 5.5 Medium |
| NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. | ||||
| CVE-2023-48706 | 1 Vim | 1 Vim | 2025-02-13 | 3.6 Low |
| Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. | ||||
| CVE-2023-48237 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-02-13 | 2.8 Low |
| Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-48236 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2025-02-13 | 2.8 Low |
| Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||