CVE search results

1 – 3 of 3 results

Detailed view

Sort by:

CVE-2019-12735

Medium priority

Fixed

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

2 affected packages

neovim, vim

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
neovim	—	Not affected	Not affected	Fixed
vim	—	Fixed	Fixed	Fixed

CVE-2017-5953

Low priority

Some fixes available 2 of 5

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

2 affected packages

neovim, vim

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
neovim	—	—	—	Not affected
vim	—	—	—	Not affected

CVE-2016-1248

Medium priority

Fixed

vim before patch 8.0.0056 does not properly validate values for the ‘filetype’, ‘syntax’ and ‘keymap’ options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

2 affected packages

neovim, vim

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
neovim	—	—	—	—
vim	—	—	—	—

Search CVE reports