ALT-PU-2025-5040-4

Package update vim in branch sisyphus

Version: 9.1.1264-alt1
Published: 2026-02-04
Max severity: HIGH

Closed issues (12)

BDU:2025-01409
MEDIUM 4.2

A vulnerability in the vim text editor related to an out-of-bounds read from a memory buffer, allowing an attacker to cause a denial of service

Published: 2025-02-12
Modified: 2026-03-04
CVSS 3.x: MEDIUM 4.2
CVSS:3.x/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
CVSS 2.0: LOW 3.5
CVSS:2.0/AV:L/AC:H/Au:S/C:P/I:P/A:P

BDU:2025-01433
MEDIUM 4.2

A vulnerability in the vim text editor related to a heap-based buffer overflow, allowing an attacker to execute arbitrary code

Published: 2025-02-12
Modified: 2026-03-04
CVSS 3.x: MEDIUM 4.2
CVSS:3.x/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
CVSS 2.0: LOW 3.5
CVSS:2.0/AV:L/AC:H/Au:S/C:P/I:P/A:P

BDU:2025-03287
LOW 2.8

A vulnerability in the vim text editor related to improper restriction of operations within the bounds of a memory buffer, allowing an attacker to cause a denial of service

Published: 2025-03-27
Modified: 2026-03-04
CVSS 3.x: LOW 2.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
CVSS 2.0: LOW 1.7
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P

BDU:2025-03299
MEDIUM 4.2

A vulnerability in the ex_display() function of the vim text editor, allowing an attacker to execute arbitrary autocommands

Published: 2025-03-27
Modified: 2026-03-04
CVSS 3.x: MEDIUM 4.2
CVSS:3.x/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
CVSS 2.0: LOW 3.5
CVSS:2.0/AV:L/AC:H/Au:S/C:P/I:P/A:P

BDU:2025-06069
HIGH 7.1

A vulnerability in the tar.vim plugin of the vim text editor, allowing an attacker to execute arbitrary code

Published: 2025-05-28
Modified: 2026-03-04
CVSS 3.x: HIGH 7.1
CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVSS 2.0: MEDIUM 6.6
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:N

BDU:2025-06563
MEDIUM 4.4

A vulnerability in the vim text editor related to injection or modification of arguments, allowing an attacker to gain access to confidential information

Published: 2025-06-09
Modified: 2026-03-04
CVSS 3.x: MEDIUM 4.4
CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVSS 2.0: LOW 3.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:N

CVE-2025-1215
LOW 2.4

A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able to address this issue. The patch is identified as c5654b84480822817bb7b69ebc97c174c91185e9. It is recommended to upgrade the affected component.

Published: 2025-02-12
Modified: 2025-08-13
CVSS 2.0: LOW 1.7
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:P
CVSS 3.x: HIGH 7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: LOW 2.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVE-2025-22134
MEDIUM 5.5

When switching to other buffers using the :all command while visual mode is still active, a heap-buffer overflow may occur, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank GitHub user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003.

Published: 2025-01-13
Modified: 2025-08-14
CVSS 3.x: MEDIUM 5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVE-2025-24014
MEDIUM 5.5

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a GUI version of Vim by feeding some binary characters to Vim. The function that handles the scrolling, however, may trigger a redraw, which will access the ScreenLines pointer even though this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

Published: 2025-01-20
Modified: 2025-08-14
CVSS 3.x: MEDIUM 5.5
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H

CVE-2025-26603
MEDIUM 4.2

Vim is a greatly improved version of the good old UNIX editor Vi. Vim allows redirecting screen messages using the `:redir` ex command to registers, variables and files. It also allows showing the contents of registers using the `:registers` or `:display` ex command. When redirecting the output of `:display` to a register, Vim will free the register content before storing the new content in the register. When redirecting the `:display` command to a register that is being displayed, Vim will free the content while shortly afterwards trying to access it, which leads to a use-after-free. Vim before 9.1.1115 checks in the ex_display() function that it does not try to redirect to a register while displaying this register at the same time. However, this check is not complete, and so Vim does not check the `+` and `*` registers (which typically denote the X11/clipboard registers, and when a clipboard connection is not possible will fall back to use register 0 instead). In Patch 9.1.1115 Vim will therefore skip outputting to register zero when trying to redirect to the clipboard registers `*` or `+`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Published: 2025-02-18
Modified: 2025-08-18
CVSS 3.x: MEDIUM 4.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

CVE-2025-27423
HIGH 7.1

Vim is an open source, command line text editor. Vim is distributed with the tar.vim plugin, which allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows executing shell commands via specially crafted tar archives. Whether this really happens depends on the shell being used ('shell' option, which is set using $SHELL). The issue has been fixed as of Vim patch v9.1.1164.

Published: 2025-03-03
Modified: 2025-08-18
CVSS 3.x: HIGH 7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CVE-2025-29768
MEDIUM 4.4

Vim, a text editor, is vulnerable to potential data loss with zip.vim and specially crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.

Published: 2025-03-13
Modified: 2025-08-18
CVSS 3.x: MEDIUM 4.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N