CVE-2025-24014

segmentation fault in win_line() in Vim < 9.1.1043

Severity Score

4.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

Vim es un editor de texto de línea de comandos de código abierto. Se encontró un error de segmentación en Vim antes de la versión 9.1.1043. En el modo Ex silencioso (-s -e), Vim normalmente no muestra una pantalla y solo funciona silenciosamente en modo por lotes. Sin embargo, aún es posible activar la función que maneja el desplazamiento de una versión de interfaz gráfica de usuario de Vim al introducir algunos caracteres binarios en Vim. Sin embargo, la función que maneja el desplazamiento puede estar activando un redibujado, que accederá al puntero ScreenLines, incluso aunque esta variable no haya sido asignada (ya que no hay pantalla). Esta vulnerabilidad se corrigió en la versión 9.1.1043.

*Credits: N/A

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2025-01-16 CVE Reserved
2025-01-20 CVE Published
2025-01-21 CVE Updated
2025-01-21 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-787: Out-of-bounds Write

CAPEC

References (4)

URL	Tag	Source
https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919	X_refsource_misc
https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2025/01/20/4
http://www.openwall.com/lists/oss-security/2025/01/21/1

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vim Search vendor "Vim"		Vim Search vendor "Vim" for product "Vim"				< 9.1.1043 Search vendor "Vim" for product "Vim" and version " < 9.1.1043"		en		Affected