CVE-2016-1248

Published: 23 November 2016

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

From the Ubuntu security team

Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user's privileges.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
neovim
Launchpad, Ubuntu, Debian
Upstream
Released (0.1.6-4)
Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Ubuntu 12.04 ESM (Precise Pangolin) Does not exist

Patches:
Upstream: https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
vim
Launchpad, Ubuntu, Debian
Upstream
Released (2:8.0.0095-1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (2:7.4.1689-3ubuntu1.2)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2:7.4.052-1ubuntu3.1)
Ubuntu 12.04 ESM (Precise Pangolin)
Released (2:7.3.429-2ubuntu2.2)
Patches:
Upstream: https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a