CVE-2022-47024
Description
A null pointer dereference in Vim's GUI X11 blank mouse creation (gui_x11_create_blank_mouse) causes denial of service for versions 8.1.2269 through 9.0.0339.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A null pointer dereference vulnerability exists in the gui_x11_create_blank_mouse function in gui_x11.c of Vim. The issue occurs when XCreateGC() returns a null pointer, and the code does not check for this before calling XDrawPoint() and XFreeGC(). Affected versions are Vim 8.1.2269 through 9.0.0339 [4].
Exploitation
An attacker can trigger the vulnerability by causing the GUI X11 backend to allocate a graphics context when system resources are low, resulting in XCreateGC() returning NULL. The lack of a null check leads to a null pointer dereference. No special privileges or user interaction beyond launching gVim is required [4].
Impact
Successful exploitation results in a denial of service (crash) of the Vim application. The description also mentions "other unspecified impacts," but based on the available sources, the primary impact is a denial of service [4].
Mitigation
The vulnerability is fixed in Vim version 9.0.0339, with commit a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19 [4]. Users should upgrade to Vim 9.0.0339 or later. Gentoo recommends upgrading to version 9.0.1157 or higher [3]. No workaround is currently available.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (7)
- osv-coords, 5 versions: pkg:rpm/almalinux/vim-common, pkg:rpm/almalinux/vim-enhanced, pkg:rpm/almalinux/vim-filesystem, pkg:rpm/almalinux/vim-minimal, pkg:rpm/almalinux/vim-X11
  < 2:8.2.2637-20.el9_1
- (no CPE) range: < 2:8.2.2637-20.el9_1
- (no CPE) range: < 2:8.2.2637-20.el9_1
- (no CPE) range: < 2:8.2.2637-20.el9_1
- (no CPE) range: < 2:8.2.2637-20.el9_1
- (no CPE) range: < 2:8.2.2637-20.el9_1
References (4)
- [1] lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/ (mitre, vendor-advisory)
- [2] lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/ (mitre, vendor-advisory)
- [3] security.gentoo.org/glsa/202305-16 (mitre, vendor-advisory)
- [4] github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19 (mitre)