apk package
wolfi/vim-doc
pkg:apk/wolfi/vim-doc
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-46483 | Low | 3.6 | < 9.2.0500-r0 | 9.2.0500-r0 | May 15, 2026 | Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape( | |
| CVE-2024-47814 | — | < 9.1.0766-r0 | 9.1.0766-r0 | Oct 7, 2024 | Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact | ||
| CVE-2024-45306 | — | < 9.1.0718-r0 | 9.1.0718-r0 | Sep 2, 2024 | Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we a | ||
| CVE-2024-43802 | Med | 4.5 | < 9.1.0698-r0 | 9.1.0698-r0 | Aug 26, 2024 | Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off pos | |
| CVE-2024-43790 | — | < 9.1.0689-r0 | 9.1.0689-r0 | Aug 22, 2024 | Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search patt | ||
| CVE-2024-43374 | — | < 9.1.0686-r0 | 9.1.0686-r0 | Aug 15, 2024 | The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it i | ||
| CVE-2023-1355 | — | < 9.0.1402-r0 | 9.0.1402-r0 | Mar 11, 2023 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. | ||
| CVE-2023-1264 | — | < 9.0.1392-r0 | 9.0.1392-r0 | Mar 7, 2023 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | ||
| CVE-2023-1175 | — | < 9.0.1378-r0 | 9.0.1378-r0 | Mar 4, 2023 | Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. | ||
| CVE-2023-1127 | — | < 9.0.1378-r0 | 9.0.1378-r0 | Mar 1, 2023 | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. |
- affected < 9.2.0500-r0fixed 9.2.0500-r0
Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-like systems. The function builds :!gunzip and :!gzip -d commands using shellescape(
- CVE-2024-47814Oct 7, 2024affected < 9.1.0766-r0fixed 9.1.0766-r0
Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact
- CVE-2024-45306Sep 2, 2024affected < 9.1.0718-r0fixed 9.1.0718-r0
Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we a
- affected < 9.1.0698-r0fixed 9.1.0698-r0
Vim is an improved version of the unix vi text editor. When flushing the typeahead buffer, Vim moves the current position in the typeahead buffer but does not check whether there is enough space left in the buffer to handle the next characters. So this may lead to the tb_off pos
- CVE-2024-43790Aug 22, 2024affected < 9.1.0689-r0fixed 9.1.0689-r0
Vim is an open source command line text editor. When performing a search and displaying the search-count message is disabled (:set shm+=S), the search pattern is displayed at the bottom of the screen in a buffer (msgbuf). When right-left mode (:set rl) is enabled, the search patt
- CVE-2024-43374Aug 15, 2024affected < 9.1.0686-r0fixed 9.1.0686-r0
The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it i
- CVE-2023-1355Mar 11, 2023affected < 9.0.1402-r0fixed 9.0.1402-r0
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.
- CVE-2023-1264Mar 7, 2023affected < 9.0.1392-r0fixed 9.0.1392-r0
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
- CVE-2023-1175Mar 4, 2023affected < 9.0.1378-r0fixed 9.0.1378-r0
Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
- CVE-2023-1127Mar 1, 2023affected < 9.0.1378-r0fixed 9.0.1378-r0
Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.