| Max CVSS | 7.5 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-20079 | 6.8 |
The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory.
|
20-10-2020 - 16:04 | 30-12-2019 - 01:15 | |
| CVE-2018-20786 | 5.0 |
libvterm through 0+bzr726, as used in Vim and other products, mishandles certain out-of-memory conditions, leading to a denial of service (application crash), related to screen.c, state.c, and vterm.c.
|
30-03-2020 - 20:15 | 24-02-2019 - 14:29 | |
| CVE-2017-11109 | 6.8 |
Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.
|
03-08-2019 - 13:15 | 08-07-2017 - 17:29 | |
| CVE-2017-5953 | 7.5 |
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
|
11-06-2019 - 20:29 | 10-02-2017 - 07:59 | |
| CVE-2017-6350 | 7.5 |
An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
|
13-08-2018 - 21:47 | 27-02-2017 - 07:59 | |
| CVE-2017-6349 | 7.5 |
An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
|
13-08-2018 - 21:47 | 27-02-2017 - 07:59 |