Search CVE reports



1 – 3 of 3 results


CVE-2019-12735

Medium priority
Fixed

getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.

2 affected packages

neovim, vim

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
neovim Not affected Not affected Fixed Not in release
vim Fixed Fixed Fixed Fixed

CVE-2017-5953

Low priority

Some fixes available 2 of 5

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

2 affected packages

neovim, vim

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
neovim Not affected Not in release
vim Not affected Fixed

CVE-2016-1248

Medium priority
Fixed

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

2 affected packages

neovim, vim

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
neovim Not in release
vim Fixed