gvim

Description: Vi Improved, a highly configurable, improved version of the vi text editor (with advanced features, such as a GUI)
Version: 8.1.1776-1 [extra]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-976 | 8.1.1186-1 | 8.1.1467-1 | High | Fixed | |
| AVG-635 | 8.0.1530-1 | 8.0.1531-1 | Medium | Fixed | |
| AVG-347 | 8.0.0628-1 | 8.0.0722-1 | High | Fixed | FS#54773 |
| AVG-174 | 8.0.0321-1 | 8.0.0322-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-12735 | AVG-976 | High | Yes | Arbitrary code execution | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as... |
| CVE-2017-1000382 | AVG-635 | Medium | No | Information disclosure | VIM ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not... |
| CVE-2017-11109 | AVG-347 | High | No | Arbitrary code execution | Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. |
| CVE-2017-5953 | AVG-174 | Medium | No | Arbitrary code execution | It was found that vim does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory... |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 11 Jun 2019 | ASA-201906-9 | AVG-976 | High | arbitrary code execution |
| 18 Jul 2017 | ASA-201707-19 | AVG-347 | High | arbitrary code execution |
| 15 Feb 2017 | ASA-201702-12 | AVG-174 | Medium | arbitrary code execution |