vim

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Vi Improved, a highly configurable, improved version of the vi text editor
Version	9.1.0866-1 [extra]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2843	9.0.1224-1	9.0.1225-1	Unknown	Unknown

Issue	Group	Severity	Remote	Type	Description
CVE-2023-0433	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2023-0288	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2023-0054	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2023-0049	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2022-47024	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2022-3591	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2022-3324	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2022-3256	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2022-3099	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2022-2581	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2022-2345	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2022-0417	AVG-2843	Unknown	Unknown	Unknown	Unknown
CVE-2022-0392	AVG-2843	Unknown	Unknown	Unknown	Unknown

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2738	8.2.4150-1	8.2.4151-1	High	Fixed
AVG-2662	8.2.4464-1	8.2.4651-1	High	Fixed
AVG-2572	8.2.3582-3	8.2.3741-1	Low	Fixed
AVG-2472	8.2.3441-1	8.2.3582-1	Low	Fixed
AVG-2390	8.2.3412-1	8.2.3441-1	Medium	Fixed
AVG-2364	8.2.3340-1	8.2.3412-1	Medium	Fixed
AVG-975	8.1.1186-1	8.1.1467-1	High	Fixed
AVG-635	8.0.1530-1	8.0.1531-1	Medium	Fixed
AVG-347	8.0.0628-1	8.0.0722-1	High	Fixed	FS#54773
AVG-174	8.0.0321-1	8.0.0322-1	Medium	Fixed
AVG-83	8.0.0055-1	8.0.0056-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2022-1160	AVG-2662	High	No	Arbitrary code execution	"source" can read past end of copied line resulting in heap buffer overflow in get_one_sourceline in vim prior to 8.2.4647
CVE-2022-1154	AVG-2662	High	No	Arbitrary code execution	Use after free in utf_ptr2char in vim prior to 8.2.4646 while using buffer line after it has been freed in old regexp engine.
CVE-2022-0318	AVG-2738	Medium	No	Arbitrary code execution	Heap-based Buffer Overflow in vim prior to 8.2
CVE-2022-0261	AVG-2738	High	No	Arbitrary code execution	heap based out-of-bounds write in vim's ops.c allows an attacker to trick a user to open a crafted file triggering an out-of-bounds write capable of...
CVE-2021-4192	AVG-2738	High	Unknown	Unknown	use-after-free in win_linetabsize()
CVE-2021-4069	AVG-2572	Low	No	Arbitrary code execution	Vim before version 8.2.3741 is vulnerable to a use after free through using freed memory in the open command.
CVE-2021-4019	AVG-2572	Low	No	Arbitrary code execution	Vim before version 8.2.3669 is vulnerable to a heap-based buffer overflow when using a long help argument.
CVE-2021-3984	AVG-2572	Low	No	Arbitrary code execution	Vim before version 8.2.3625 is vulnerable to a heap-based buffer overflow when C-indenting.
CVE-2021-3974	AVG-2572	Low	No	Arbitrary code execution	Vim before version 8.2.3612 is vulnerable to a use after free through using freed memory with regexp using a mark.
CVE-2021-3973	AVG-2572	Low	No	Arbitrary code execution	Vim before version 8.2.3611 is vulnerable to a heap-based buffer overflow when using CTRL-W f without finding a file name.
CVE-2021-3968	AVG-2572	Low	No	Arbitrary code execution	Vim before version 8.2.3610 is vulnerable to a heap-based buffer overflow when ModeChanged is triggered too early.
CVE-2021-3928	AVG-2472	Low	No	Arbitrary code execution	Vim before version 8.2.3582 is vulnerable to a heap-based buffer overflow through reading uninitialized memory when giving spell suggestions.
CVE-2021-3927	AVG-2472	Low	No	Arbitrary code execution	Vim before version 8.2.3581 is vulnerable to a heap-based buffer overflow when reading a character past the end of line.
CVE-2021-3903	AVG-2472	Low	No	Arbitrary code execution	Vim before version 8.2.3564 is vulnerable to a heap-based buffer overflow when scrolling without a valid screen.
CVE-2021-3875	AVG-2472	Low	No	Arbitrary code execution	Vim before version 8.2.3489 is vulnerable to a heap-based buffer overflow after a search with range.
CVE-2021-3872	AVG-2472	Low	No	Arbitrary code execution	Vim before version 8.2.3487 is vulnerable to a heap-based buffer overflow if a Vim buffer name is very long.
CVE-2021-3796	AVG-2390	Medium	No	Arbitrary code execution	vim before version 8.2.3428 is vulnerable to a use after free when replacing.
CVE-2021-3778	AVG-2364	Medium	Yes	Arbitrary code execution	vim before version 8.2.3409 is vulnerable to a heap-based buffer overflow when reading beyond the end of a line with an invalid UTF-8 character.
CVE-2021-3770	AVG-2364	Medium	No	Arbitrary code execution	vim before version 8.2.3402 is vulnerable to a heap-based buffer overflow when using :retab with large value.
CVE-2019-12735	AVG-975	High	Yes	Arbitrary code execution	getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as...
CVE-2017-1000382	AVG-635	Medium	No	Information disclosure	VIM ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not...
CVE-2017-11109	AVG-347	High	No	Arbitrary code execution	Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file.
CVE-2017-5953	AVG-174	Medium	No	Arbitrary code execution	It was found that vim does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory...
CVE-2016-1248	AVG-83	High	No	Arbitrary command execution	A vulnerability has been discovered in vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline. This is...

Advisories

Date	Advisory	Group	Severity	Type
11 Jun 2019	ASA-201906-8	AVG-975	High	arbitrary code execution
18 Jul 2017	ASA-201707-22	AVG-347	High	arbitrary code execution
15 Feb 2017	ASA-201702-13	AVG-174	Medium	arbitrary code execution