Unrated severity · NVD Advisory · Published May 22, 2026 · Updated May 22, 2026
Heap Buffer Overflow in vifm
CVE-2026-8997
Description
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). The flaw occurs because release builds of the application lack a runtime check on the length of history entries, so a crafted long path or command in the history can cause memory corruption or an application crash. Releases from 0.12.1 to 0.14.3 (inclusive) are considered vulnerable. This issue was fixed in commit 23063c7.
Affected products (1)
Patches (0)
No patches discovered yet.
References (2)
- github.com/vifm/vifm/commit/23063c741f15a85621fd232dfc3ac5b779f6910d (mitre, patch)
- cert.pl/en/posts/2026/05/CVE-2026-8997 (mitre, third-party-advisory)