Vim Vim

Do you want an email whenever new security vulnerabilities are reported in Vim?

By the Year

In 2022 there have been 36 vulnerabilities in Vim with an average score of 7.4 out of ten. Last year Vim had 20 security vulnerabilities published. That is, 16 more vulnerabilities have already been reported in 2022 as compared to last year. Last year, the average CVE base score was greater by 0.09

Year Vulnerabilities Average Score
2022 36 7.43
2021 20 7.52
2020 1 5.30
2019 2 8.20
2018 0 0.00

It may take a day or so for new Vim vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Vim Security Vulnerabilities

Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.

CVE-2022-1735 7.8 - High - May 17, 2022

Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.

Classic Buffer Overflow

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938

CVE-2022-1674 5.5 - Medium - May 12, 2022

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.

NULL Pointer Dereference

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919

CVE-2022-1621 7.8 - High - May 10, 2022

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

Memory Corruption

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925

CVE-2022-1629 7.8 - High - May 10, 2022

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution

Out-of-bounds Read

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901

CVE-2022-1620 7.5 - High - May 08, 2022

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.

NULL Pointer Dereference

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899

CVE-2022-1619 7.8 - High - May 08, 2022

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution

Memory Corruption

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895

CVE-2022-1616 7.8 - High - May 07, 2022

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

Dangling pointer

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

CVE-2022-1420 5.5 - Medium - April 21, 2022

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.

Buffer Overflow

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763

CVE-2022-1381 7.8 - High - April 18, 2022

global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution

Memory Corruption

heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.

CVE-2022-1160 7.8 - High - March 30, 2022

heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.

Heap-based Buffer Overflow

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.

CVE-2022-1154 9.8 - Critical - March 30, 2022

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.

Dangling pointer

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.

CVE-2022-0943 7.8 - High - March 14, 2022

Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.

Heap-based Buffer Overflow

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.

CVE-2022-0729 8.8 - High - February 23, 2022

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.

Buffer Overflow

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.

CVE-2022-0714 5.5 - Medium - February 22, 2022

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.

Memory Corruption

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.

CVE-2022-0696 5.5 - Medium - February 21, 2022

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.

NULL Pointer Dereference

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.

CVE-2022-0685 7.8 - High - February 20, 2022

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0629 7.8 - High - February 17, 2022

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Memory Corruption

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0572 7.8 - High - February 14, 2022

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Memory Corruption

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.

CVE-2022-0554 7.8 - High - February 10, 2022

Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.

Buffer Overflow

Use After Free in GitHub repository vim/vim prior to 8.2.

CVE-2022-0443 7.8 - High - February 02, 2022

Use After Free in GitHub repository vim/vim prior to 8.2.

Dangling pointer

Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.

CVE-2022-0417 7.8 - High - February 01, 2022

Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.

Memory Corruption

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0408 7.8 - High - January 30, 2022

Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Stack Overflow

Use After Free in GitHub repository vim/vim prior to 8.2.

CVE-2022-0413 7.8 - High - January 30, 2022

Use After Free in GitHub repository vim/vim prior to 8.2.

Dangling pointer

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0407 7.8 - High - January 30, 2022

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Heap-based Buffer Overflow

Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.

CVE-2022-0392 7.8 - High - January 28, 2022

Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.

Heap-based Buffer Overflow

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

CVE-2022-0393 7.1 - High - January 28, 2022

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Out-of-bounds Read

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

CVE-2022-0368 7.8 - High - January 26, 2022

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Out-of-bounds Read

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0361 7.8 - High - January 26, 2022

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Memory Corruption

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0359 7.8 - High - January 26, 2022

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Memory Corruption

Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.

CVE-2022-0351 7.8 - High - January 25, 2022

Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.

Access of Memory Location Before Start of Buffer

Heap-based Buffer Overflow in vim/vim prior to 8.2.

CVE-2022-0318 9.8 - Critical - January 21, 2022

Heap-based Buffer Overflow in vim/vim prior to 8.2.

Heap-based Buffer Overflow

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2022-0261 7.8 - High - January 18, 2022

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Heap-based Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow

CVE-2022-0213 6.6 - Medium - January 14, 2022

vim is vulnerable to Heap-based Buffer Overflow

Memory Corruption

vim is vulnerable to Use After Free

CVE-2022-0156 5.5 - Medium - January 10, 2022

vim is vulnerable to Use After Free

Dangling pointer

vim is vulnerable to Heap-based Buffer Overflow

CVE-2022-0158 3.3 - Low - January 10, 2022

vim is vulnerable to Heap-based Buffer Overflow

Heap-based Buffer Overflow

vim is vulnerable to Out-of-bounds Read

CVE-2022-0128 7.8 - High - January 06, 2022

vim is vulnerable to Out-of-bounds Read

Out-of-bounds Read

vim is vulnerable to Out-of-bounds Read

CVE-2021-4193 5.5 - Medium - December 31, 2021

vim is vulnerable to Out-of-bounds Read

Out-of-bounds Read

vim is vulnerable to Use After Free

CVE-2021-4192 7.8 - High - December 31, 2021

vim is vulnerable to Use After Free

Dangling pointer

vim is vulnerable to Use After Free

CVE-2021-4187 7.8 - High - December 29, 2021

vim is vulnerable to Use After Free

Dangling pointer

vim is vulnerable to Use After Free

CVE-2021-4173 7.8 - High - December 27, 2021

vim is vulnerable to Use After Free

Dangling pointer

vim is vulnerable to Out-of-bounds Read

CVE-2021-4166 7.1 - High - December 25, 2021

vim is vulnerable to Out-of-bounds Read

Out-of-bounds Read

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-4136 7.8 - High - December 19, 2021

vim is vulnerable to Heap-based Buffer Overflow

Memory Corruption

vim is vulnerable to Use After Free

CVE-2021-4069 7.8 - High - December 06, 2021

vim is vulnerable to Use After Free

Dangling pointer

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3984 7.8 - High - December 01, 2021

vim is vulnerable to Heap-based Buffer Overflow

Heap-based Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-4019 7.8 - High - December 01, 2021

vim is vulnerable to Heap-based Buffer Overflow

Memory Corruption

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3968 8 - High - November 19, 2021

vim is vulnerable to Heap-based Buffer Overflow

Heap-based Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3973 7.8 - High - November 19, 2021

vim is vulnerable to Heap-based Buffer Overflow

Heap-based Buffer Overflow

vim is vulnerable to Use After Free

CVE-2021-3974 7.8 - High - November 19, 2021

vim is vulnerable to Use After Free

Dangling pointer

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3927 7.8 - High - November 05, 2021

vim is vulnerable to Heap-based Buffer Overflow

Heap-based Buffer Overflow

vim is vulnerable to Use of Uninitialized Variable

CVE-2021-3928 7.8 - High - November 05, 2021

vim is vulnerable to Use of Uninitialized Variable

Use of Uninitialized Variable

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3903 7.8 - High - October 27, 2021

vim is vulnerable to Heap-based Buffer Overflow

Heap-based Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3872 7.8 - High - October 19, 2021

vim is vulnerable to Heap-based Buffer Overflow

Heap-based Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3875 5.5 - Medium - October 15, 2021

vim is vulnerable to Heap-based Buffer Overflow

Heap-based Buffer Overflow

vim is vulnerable to Use After Free

CVE-2021-3796 7.3 - High - September 15, 2021

vim is vulnerable to Use After Free

Dangling pointer

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3778 7.8 - High - September 15, 2021

vim is vulnerable to Heap-based Buffer Overflow

Heap-based Buffer Overflow

vim is vulnerable to Heap-based Buffer Overflow

CVE-2021-3770 7.8 - High - September 06, 2021

vim is vulnerable to Heap-based Buffer Overflow

Memory Corruption

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g

CVE-2019-20807 5.3 - Medium - May 28, 2020

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

Shell injection

The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.

CVE-2019-20079 7.8 - High - December 30, 2019

The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.

Dangling pointer

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6

CVE-2019-12735 8.6 - High - June 05, 2019

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

Shell injection

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which

CVE-2017-17087 5.5 - Medium - December 01, 2017

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.

Exposure of Resource to Wrong Sphere

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Vim? Click the Watch button to subscribe.

Vim
Vendor

Vim
Product

subscribe