CVE-2025-24014

Published: Jan 20, 2025

Modified: Mar 14, 2025

PUBLISHED

CVSS v3.1

4.2

MEDIUM

Description

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

Vendor	Product	Versions
vim	vim	affected `< 9.1.1043`

Weaknesses (CWE)

CWE-787

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955

x_refsource_CONFIRM

https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-24014

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References