VYPR
Unrated severity · NVD Advisory · Published May 25, 2022 · Updated Aug 3, 2024

Out-of-bounds Read in vim/vim

CVE-2022-1851

Description

Out-of-bounds read vulnerability in Vim prior to 8.2 could allow arbitrary code execution via a crafted file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An out-of-bounds read vulnerability exists in Vim (vim/vim) prior to version 8.2. The bug resides in the handling of certain file types, allowing an attacker to trigger a read beyond allocated memory boundaries when a specially crafted file is opened.

Exploitation

An attacker can exploit this vulnerability by convincing a user to open a maliciously crafted file with Vim. No authentication is required, and the attack can be performed remotely if the user opens the file from a network share or email attachment.

Impact

Successful exploitation could lead to arbitrary code execution in the context of the user running Vim, potentially allowing the attacker to compromise the system. The out-of-bounds read may also cause a denial of service.

Mitigation

The vulnerability is fixed in Vim version 8.2 and later. Users should upgrade to the latest version. Apple has also addressed this issue in macOS Ventura 13 (see [1]). No workarounds are available.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

38

Patches

0

No patches discovered yet.

References

12
