Use After Free in vim/vim
Description
Use-after-free in Vim's spell checking when a SpellFileMissing autocommand closes the window, fixed in 9.0.0882.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in Vim's spell checking when a SpellFileMissing autocommand closes the window, fixed in 9.0.0882.
Vulnerability
A use-after-free vulnerability exists in Vim prior to version 9.0.0882 in the did_set_spelllang function. When a SpellFileMissing autocommand is triggered during spell loading, it may destroy the buffer or close the window, leading to use of freed memory. The flaw affects all Vim versions before the patch. [1]
Exploitation
An attacker must craft a file that triggers the SpellFileMissing autocommand, which can close the window or delete the buffer while Vim is still referencing it. The attacker needs the ability to execute autocommands, typically by opening a specially crafted file or through user interaction. The race condition is avoided by the patch that adds a window validity check. [1]
Impact
Successful exploitation could lead to a use-after-free condition, resulting in crashes or potential arbitrary code execution depending on the memory state. The impact is high due to the possibility of code execution in the context of Vim. [1]
Mitigation
The vulnerability is fixed in Vim version 9.0.0882, released on November 28, 2022. Users should upgrade to at least this version. Gentoo recommends upgrading to 9.0.1157 as part of a broader security update. [1][3]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
38- osv-coords36 versionspkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/vim&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/vim&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.2pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/vim&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 9.0.1040-150000.5.31.1+ 35 more
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1040-150000.5.31.1
- (no CPE)range: < 9.0.1234-17.12.1
- (no CPE)range: < 9.0.1234-17.12.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYC22GGZ6QA66HLNLHCTAJU265TT3O33/mitrevendor-advisory
- security.gentoo.org/glsa/202305-16mitrevendor-advisory
- github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93mitre
- huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57bmitre
- security.netapp.com/advisory/ntap-20230113-0005/mitre
News mentions
0No linked articles in our index yet.