USN-3139-1: Vim vulnerability

29 November 2016

Vim could be made to run programs as your login if it opened a specially crafted file.

Releases

Packages

  • vim - Vi IMproved - enhanced vi editor

Details

Florian Larysch discovered that the Vim text editor did not properly
validate values for the 'filetype', 'syntax', and 'keymap' options. An
attacker could trick a user into opening a file with specially crafted
modelines and possibly execute arbitrary code with the user's privileges.
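A defender-side check for the issue described above, as an added example that is not part of the original notice or of Vim: it scans the lines Vim would read as modelines and flags 'filetype', 'syntax' and 'keymap' values that contain unexpected characters. The modeline parser is simplified, and the allow-list, function names and sample text are assumptions made for this illustration.

```python
import re

# Simplified modeline matcher (assumption: not Vim's own parser).
MODELINE = re.compile(r"(?:^|\s)(?:vi|[vV]im(?:[<=>]?\d+)?|ex):\s*(.*)$")
# Full and short names of the three options named in the advisory.
CHECKED = {"filetype": "filetype", "ft": "filetype", "syntax": "syntax",
           "syn": "syntax", "keymap": "keymap", "kmp": "keymap"}
# Assumed allow-list: letters, digits, '.', '-' and '_'.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]*\Z")


def modeline_options(line):
    """Return (name, value) pairs from one line, or [] if it has no modeline."""
    m = MODELINE.search(line)
    if not m:
        return []
    body = m.group(1)
    set_form = re.match(r"set?\s+(.*)", body)
    if set_form:
        # "set" form: options end at the first unescaped ':'.
        body = re.split(r"(?<!\\):", set_form.group(1), maxsplit=1)[0]
        parts = re.split(r"(?<!\\)\s+", body)
    else:
        # Plain form: options are separated by unescaped ':' or whitespace.
        parts = re.split(r"(?<!\\)[:\s]+", body)
    pairs = []
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            pairs.append((name.rstrip("+^-"), value))
    return pairs


def suspicious_modelines(text, modelines=5):
    """Flag checked options with unsafe values in the first/last lines Vim reads."""
    lines = text.splitlines()
    idx = sorted(set(range(min(modelines, len(lines)))) |
                 set(range(max(0, len(lines) - modelines), len(lines))))
    findings = []
    for i in idx:
        for name, value in modeline_options(lines[i]):
            if name in CHECKED and not SAFE_VALUE.match(value):
                findings.append((i + 1, CHECKED[name], value))
    return findings


# Constructed sample: line 1 is an ordinary modeline, line 3 is malformed.
SAMPLE = "# vim: set ft=python ts=4 :\nprint('hi')\n# vim: syn=c$x:sw=2\n"
```

Independently of this check, `set nomodeline` in a vimrc turns modeline processing off entirely.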

References