CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29768 – Vim vulnerable to potential data loss with zip.vim and special crafted zip files
https://notcve.org/view.php?id=CVE-2025-29768
13 Mar 2025 — Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198. • https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27423 – Improper Input Validation in Vim
https://notcve.org/view.php?id=CVE-2025-27423
03 Mar 2025 — Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, wh... • https://github.com/vim/vim/commit/129a8446d23cd9cb4445fcfea259cba5e0487d29 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26603 – heap-use-after-free in function str_to_reg in vim/vim
https://notcve.org/view.php?id=CVE-2025-26603
18 Feb 2025 — Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. Now when redirecting the `:display` command to a register that is being displayed, Vim will free the cont... • https://github.com/vim/vim/commit/c0f0e2380e5954f4a52a131bf6b8 • CWE-416: Use After Free •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24014 – segmentation fault in win_line() in Vim < 9.1.1043
https://notcve.org/view.php?id=CVE-2025-24014
20 Jan 2025 — Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been all... • https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919 • CWE-787: Out-of-bounds Write •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-22134 – heap-buffer-overflow with visual mode in Vim < 9.1.1003
https://notcve.org/view.php?id=CVE-2025-22134
13 Jan 2025 — When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is... • https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead • CWE-122: Heap-based Buffer Overflow •
CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47814 – use-after-free when closing buffers in Vim
https://notcve.org/view.php?id=CVE-2024-47814
07 Oct 2024 — Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. • https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg • CWE-416: Use After Free •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43802 – heap-buffer-overflow in ins_typebuf() in Vim < 9.1.0697
https://notcve.org/view.php?id=CVE-2024-43802
26 Aug 2024 — Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space lef... • https://github.com/vim/vim/commit/322ba9108612bead5eb • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43790 – heap-buffer-overflow in do_search() in Vim < 9.1.0689
https://notcve.org/view.php?id=CVE-2024-43790
22 Aug 2024 — Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer,... • https://github.com/vim/vim/commit/cacb6693c10bb19f28a50eca47bc • CWE-122: Heap-based Buffer Overflow •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43374 – Vim heap-use-after-free in src/arglist.c:207
https://notcve.org/view.php?id=CVE-2024-43374
15 Aug 2024 — The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer... • https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw • CWE-416: Use After Free •
CVSS: 4.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41965 – Vim < v9.1.0648 has a double-free in dialog_changed()
https://notcve.org/view.php?id=CVE-2024-41965
01 Aug 2024 — Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has bee... • https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c • CWE-416: Use After Free •