Vim

Vim <9.2.0202: glob() Command Injection on Unix
CVE-2026-33412 5.6 - Medium - March 24, 2026

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n) in a pattern passed to glob(), an attacker may be able to execute arbitrary shell commands. This vulnerability depends on the user's 'shell' setting. This issue has been patched in version 9.2.0202.

Shell injection

Vim NFA Regex Compiler Crash CVE-2026-32249 (9.2.0136)
CVE-2026-32249 5.3 - Medium - March 12, 2026

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a character range (e.g. [0-0\u05bb]), incorrectly emits the composing bytes of that character as separate NFA states. This corrupts the NFA postfix stack, resulting in NFA_START_COLL having a NULL out1 pointer. When nfa_max_width() subsequently traverses the compiled NFA to estimate match width for the look-behind assertion, it dereferences state->out1->out without a NULL check, causing a segmentation fault. This vulnerability is fixed in 9.2.0137.

NULL Pointer Dereference

Vim <9.2.0078: stack-buffer-overflow in statusline rendering
CVE-2026-28422 2.2 - Low - February 27, 2026

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.

Stack Overflow

Vim <9.2.0077: Heap Buffer Overflow in Swap Recovery
CVE-2026-28421 5.3 - Medium - February 27, 2026

Vim is an open source, command line text editor. Versions prior to 9.2.0077 have a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.

Improper Input Validation

Vim <9.2.0076 Heap OOB Buf Read/Write via Max Unicode Combining
CVE-2026-28420 4.4 - Medium - February 27, 2026

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.

Heap-based Buffer Overflow

Vim 9.2.0075: Heap Buffer Underflow in Emacs-Style Tags Parsing
CVE-2026-28419 5.3 - Medium - February 27, 2026

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.

buffer underrun

Vim<9.2.0074 Heap Buffer Overflow via Emacs-Style Tags Parsing
CVE-2026-28418 4.4 - Medium - February 27, 2026

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.

Heap-based Buffer Overflow

Vim 9.2.0072 netrw CMD-INJ via scp://
CVE-2026-28417 4.4 - Medium - February 27, 2026

Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.

Improper Neutralization of Invalid Characters in Identifiers in Web Pages

Vim <9.1.2148: NetBeans specialKeys Stack Buffer Overflow
CVE-2026-26269 5.4 - Medium - February 13, 2026

Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The Stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.

Stack Overflow

Vim <9.1.2132 Heap Buffer Overflow in get_tagfname (helpfile)
CVE-2026-25749 6.6 - Medium - February 06, 2026

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.

Heap-based Buffer Overflow

Vim: Uncontrolled Search Path on Windows Pre-9.1.1947 Enables Malicious Exec
CVE-2025-66476 7.8 - High - December 02, 2025

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves external commands by searching the current working directory before system paths. When Vim invokes tools such as findstr for :grep, external commands or filters via :!, or compiler/:make commands, it may inadvertently run a malicious executable present in the same directory as the file being edited. The issue affects Vim for Windows prior to version 9.1.1947.

DLL preloading

Vim 9.1.x UAF via nested Vim script tuples (before 9.1.1400)
CVE-2025-55157 8.8 - High - August 11, 2025

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can trigger a use-after-free in Vims internal tuple reference management. Specifically, the tuple_unref() function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim. This issue has been patched in version 9.1.1400.

Dangling pointer

Vim 9.1.x Double-free in typval_T during script import (CVE-2025-55158)
CVE-2025-55158 8.8 - High - August 11, 2025

Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during evaluation can trigger a double-free in Vims internal typed value (typval_T) management. Specifically, the clear_tv() function may attempt to free memory that has already been deallocated, due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. This issue has been patched in version 9.1.1406.

Double-free

Vim <9.1.1552 Path Traversal via tar.vim Plugin
CVE-2025-53905 4.1 - Medium - July 15, 2025

Vim is an open source, command line text editor. Prior to version 9.1.1552, a path traversal issue in Vims tar.vim plugin can allow overwriting of arbitrary files when opening specially crafted tar archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1552 contains a patch for the vulnerability.

Directory traversal

Vim 9.1 Path Traversal in zip.vim (before 9.1.1551)
CVE-2025-53906 4.1 - Medium - July 15, 2025

Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vims zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successfully exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. The victim must edit such a file using Vim which will reveal the filename and the file content, a careful user may suspect some strange things going on. Successful exploitation could results in the ability to execute arbitrary commands on the underlying operating system. Version 9.1.1551 contains a patch for the vulnerability.

Directory traversal

Vim Zip.vim Data Loss via Crafted Zip (before 9.1.1198)
CVE-2025-29768 4.4 - Medium - March 13, 2025

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.

Argument Injection

Vim 9.1.0858 tar.vim Exec via Unsanitized :read – fixed 9.1.1164
CVE-2025-27423 - March 03, 2025

Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shell commands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164

Command Injection

Vim <9.1.1115 UAF via :display redirect to clipboard registers * or +
CVE-2025-26603 - February 18, 2025

Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows to redirect screen messages using the `:redir` ex command to register, variables and files. It also allows to show the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. Now when redirecting the `:display` command to a register that is being displayed, Vim will free the content while shortly afterwards trying to access it, which leads to a use-after-free. Vim pre 9.1.1115 checks in the ex_display() function, that it does not try to redirect to a register while displaying this register at the same time. However this check is not complete, and so Vim does not check the `+` and `*` registers (which typically donate the X11/clipboard registers, and when a clipboard connection is not possible will fall back to use register 0 instead. In Patch 9.1.1115 Vim will therefore skip outputting to register zero when trying to redirect to the clipboard registers `*` or `+`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Dangling pointer

Vim 9.1.1096 Memory Corruption via --log
CVE-2025-1215 7.8 - High - February 12, 2025

A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.

Segmentation Fault in Vim <=9.1.1042 during Silent Ex mode (scroll)
CVE-2025-24014 5.5 - Medium - January 20, 2025

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

Memory Corruption

Vim 9.1.1003 Heap-Buf Overflow: :all cmd in vis mode
CVE-2025-22134 5.5 - Medium - January 13, 2025

When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003

Heap-based Buffer Overflow

Use-after-free in Vim <9.1.0764 via BufWinLeave AutoCmd Crash
CVE-2024-47814 3.9 - Low - October 07, 2024

Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Dangling pointer

Vim Heap Buffer Overflow in Cursor Position (v9.1.0038, fixed v9.1.0707)
CVE-2024-45306 5.5 - Medium - September 02, 2024

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.

Memory Corruption

Vim 9.x Heap Buffer Overflow in Typeahead Buffer (patch 9.1.0697)
CVE-2024-43802 4.5 - Medium - August 26, 2024

Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off position within the typebuf variable to point outside of the valid buffer size, which can then later lead to a heap-buffer overflow in e.g. ins_typebuf(). Therefore, when flushing the typeahead buffer, check if there is enough space left before advancing the off position. If not, fall back to flush current typebuf contents. It's not quite clear yet, what can lead to this situation. It seems to happen when error messages occur (which will cause Vim to flush the typeahead buffer) in comnination with several long mappgins and so it may eventually move the off position out of a valid buffer size. Impact is low since it is not easily reproducible and requires to have several mappings active and run into some error condition. But when this happens, this will cause a crash. The issue has been fixed as of Vim patch v9.1.0697. Users are advised to upgrade. There are no known workarounds for this issue.

Heap-based Buffer Overflow

Vim Search-Count Buffer Overflow via msgbuf in Reverse Mode, fixed v9.1.0689
CVE-2024-43790 5.5 - Medium - August 22, 2024

Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search pattern is reversed. This happens by allocating a new buffer. If the search pattern contains some ASCII NUL characters, the buffer allocated will be smaller than the original allocated buffer (because for allocating the reversed buffer, the strlen() function is called, which only counts until it notices an ASCII NUL byte ) and thus the original length indicator is wrong. This causes an overflow when accessing characters inside the msgbuf by the previously (now wrong) length of the msgbuf. The issue has been fixed as of Vim patch v9.1.0689.

Vim <9.1.0678: UAF via Buf* autocommands
CVE-2024-43374 - August 16, 2024

The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.

Vim <9.1.0647 Double Free in quickfix/alloc.c
CVE-2024-41957 4.5 - Medium - August 01, 2024

Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647

Double-free

Vim < v9.1.0648 doublefree in dialog_changed()
CVE-2024-41965 4.2 - Medium - August 01, 2024

Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.

Double-free

Vim stack-based buffer overflow in did_set_langmap before 9.0.2142
CVE-2024-22667 7.8 - High - February 05, 2024

Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.

Memory Corruption

Heap use-after-free via :s substitution in Vim <9.0.2121
CVE-2023-48706 4.7 - Medium - November 22, 2023

Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue.

Dangling pointer

Vim FPE Crash via Overlong Lines, cpo 'n', fixed 9.0.2107
CVE-2023-48232 4.3 - Medium - November 16, 2023

Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Improper Handling of Exceptional Conditions

Vim Line Shift Integer Overflow (pre-9.0.2112)
CVE-2023-48237 4.3 - Medium - November 16, 2023

Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Integer Overflow or Wraparound

Vim 9.0.2111 Fixes Count Overflow in z= Command
CVE-2023-48236 4.3 - Medium - November 16, 2023

Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Integer Overflow or Wraparound

Vim 9.0.2110 patch: fix LLOverflow in relative ex address parsing
CVE-2023-48235 4.3 - Medium - November 16, 2023

Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Integer Overflow or Wraparound

Vim 9.0.2108 s: Count > LONG e_value_too_large Crash
CVE-2023-48233 4.3 - Medium - November 16, 2023

Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Integer Overflow or Wraparound

Vim 9.0 buffer struct freed access CVE-2023-48231
CVE-2023-48231 4.3 - Medium - November 16, 2023

Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vim <9.0.2109: Integer Overflow in Normal mode z Count Leads to Crash
CVE-2023-48234 4.3 - Medium - November 16, 2023

Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Integer Overflow or Wraparound

Vim 9.0.0-9.0.2068 Buffer UAF via :history argument Overflow
CVE-2023-46246 5.5 - Medium - October 27, 2023

Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.

Integer Overflow or Wraparound

vim UAF before v9.0.2010
CVE-2023-5535 7.8 - High - October 11, 2023

Use After Free in GitHub repository vim/vim prior to v9.0.2010.

Dangling pointer

CVE-2023-5441: NULL Pointer Deref in Vim (v<20d161ace)
CVE-2023-5441 5.5 - Medium - October 05, 2023

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.

NULL Pointer Dereference

Vim <9.0.1969 Heap Buffer Overflow (CVE-2023-5344)
CVE-2023-5344 - October 02, 2023

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.

Heap-based Buffer Overflow

Vim 9.0.1872 Heap Buffer Overflow CVE-2023-4781
CVE-2023-4781 - September 05, 2023

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.

Heap-based Buffer Overflow

Vim UAF in GitHub vim/vim before 9.0.1858
CVE-2023-4752 - September 04, 2023

Use After Free in GitHub repository vim/vim prior to 9.0.1858.

Dangling pointer

Vim <9.0.1857 UAF Vulnerability
CVE-2023-4750 7.8 - High - September 04, 2023

Use After Free in GitHub repository vim/vim prior to 9.0.1857.

Dangling pointer

Use-After-Free in Vim < 9.0.1840
CVE-2023-4733 7.8 - High - September 04, 2023

Use After Free in GitHub repository vim/vim prior to 9.0.1840.

Dangling pointer

Vim 9.x Heap Buffer Overflow before 9.0.1331
CVE-2023-4751 7.8 - High - September 03, 2023

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.

Heap-based Buffer Overflow

Heap Buffer Overflow in Vim <9.0.1848 (CVE-2023-4738)
CVE-2023-4738 - September 02, 2023

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.

Heap-based Buffer Overflow

Vim Untrusted Search Path Vulnerability before 9.0.1833
CVE-2023-4736 7.8 - High - September 02, 2023

Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.

Untrusted Path

Out-of-bounds Write in vim/vim prior 9.0.1847
CVE-2023-4735 7.8 - High - September 02, 2023

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.

Memory Corruption

Vim Integer Overflow Before 9.0.1846
CVE-2023-4734 7.8 - High - September 02, 2023

Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.

Integer Overflow or Wraparound