Use After Free in vim/vim
Description
Use-after-free in vim prior to 9.0.1858 could allow arbitrary code execution via crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A use-after-free vulnerability exists in vim, the popular text editor, in versions prior to 9.0.1858. The flaw occurs during the parsing of specially crafted files, leading to a use-after-free condition in memory management.
Exploitation
An attacker can exploit this vulnerability by convincing a user to open a malicious file with vim. No additional privileges are required beyond the ability to open a file. The attacker does not need network access if the file is delivered locally.
Impact
Successful exploitation could lead to unexpected application termination or arbitrary code execution in the context of the user running vim. This could allow an attacker to execute arbitrary commands or gain control of the system.
Mitigation
The vulnerability is fixed in vim version 9.0.1858. Users should update to this version or later. For systems where updating is not immediately possible, avoid opening untrusted files with vim.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
osv-coords, 31 versions (< 2:8.2.2637-22.el9_6 + 30 more):
- pkg:rpm/almalinux/vim-common (no CPE) range: < 2:8.2.2637-22.el9_6
- pkg:rpm/almalinux/vim-enhanced (no CPE) range: < 2:8.2.2637-22.el9_6
- pkg:rpm/almalinux/vim-filesystem (no CPE) range: < 2:8.2.2637-22.el9_6
- pkg:rpm/almalinux/vim-minimal (no CPE) range: < 2:8.2.2637-22.el9_6
- pkg:rpm/almalinux/vim-X11 (no CPE) range: < 2:8.2.2637-22.el9_6
- pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.4 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/opensuse/vim&distro=openSUSE%20Leap%2015.5 (no CPE) range: < 9.0.2103-150500.20.6.1
- pkg:rpm/suse/vim&distro=SUSE%20Enterprise%20Storage%207.1 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE) range: < 9.0.2103-150500.20.6.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 (no CPE) range: < 9.0.2103-150500.20.6.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP4 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 (no CPE) range: < 9.0.2103-150500.20.6.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE) range: < 9.0.1894-17.23.2
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE) range: < 9.0.1894-17.23.2
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Manager%20Proxy%204.2 (no CPE) range: < 9.0.1894-150000.5.54.1
- pkg:rpm/suse/vim&distro=SUSE%20Manager%20Server%204.2 (no CPE) range: < 9.0.1894-150000.5.54.1
Patches
No patches discovered yet.
References
- seclists.org/fulldisclosure/2023/Oct/24 (mitre)
- github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139 (mitre)
- huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 (mitre)
- lists.debian.org/debian-lts-announce/2023/09/msg00035.html (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I56ITJAFMFAQ2G3BMGTCGM3GS62V2DTR/ (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITRVK4FB74RZDIGTZJXOZMUW6X6F4TNF/ (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PFE3LDFRZ7EGWA5AU7YHYL62ELBOFZWQ/ (mitre)
- support.apple.com/kb/HT213984 (mitre)