VYPR
Unrated severity · NVD Advisory · Published Jan 4, 2023 · Updated Apr 9, 2025

Heap-based Buffer Overflow in vim/vim

CVE-2023-0051

Description

Heap-based buffer overflow in Vim prior to 9.0.1144 allows out-of-bounds write via crafted input, enabling potential code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.


Vulnerability

A heap-based buffer overflow exists in Vim versions prior to 9.0.1144, specifically in the msg_puts_printf function. The issue arises from an improper length check when handling strings, allowing a write beyond the allocated heap buffer [2].

Exploitation

An attacker can exploit this vulnerability by providing a specially crafted input file to Vim. No authentication is required; the user only needs to open the malicious file with Vim or trigger the relevant code path. The bug is reachable through standard editing operations involving multibyte expressions or similar features [2].

Impact

Successful exploitation can lead to heap corruption, potentially causing a denial of service or arbitrary code execution in the context of the Vim process. This could allow an attacker to execute commands or access sensitive data on the affected system.

Mitigation

The vulnerability is fixed in Vim version 9.0.1144 [2]. Gentoo recommends upgrading to Vim 9.0.1157 or later [3]. No other workaround is available at this time.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

18


References

5
