Vim Security Vulnerabilities (CVEs)

A stack buffer overflow vulnerability in Vim's NetBeans integration allows remote code execution when processing malicious specialKeys commands. This ...

A heap buffer overflow vulnerability in Vim's tag file resolution logic allows attackers to execute arbitrary code or crash the application by exploit...

This CVE describes an uncontrolled search path vulnerability in Vim on Windows that allows arbitrary code execution. When Vim runs external commands v...

A buffer overflow vulnerability in vim's xxd component allows local attackers to execute arbitrary code or cause denial of service. The flaw exists in...

This CVE describes a use-after-free vulnerability in Vim's tuple reference management when processing nested tuples in Vim script. An attacker could e...

A path traversal vulnerability in Vim's tar.vim plugin allows specially crafted tar archives to overwrite arbitrary files when opened. This affects Vi...

Vim versions before 9.1.1198 contain a vulnerability in zip.vim that could cause data loss when users view specially crafted zip files and press 'x' o...

This vulnerability in Vim's tar.vim plugin allows arbitrary shell command execution when opening specially crafted tar archives. Attackers can exploit...

CVE-2025-22134 is a heap-buffer overflow vulnerability in Vim that occurs when switching buffers using the :all command while visual mode is active. T...

A heap buffer overflow vulnerability in Vim text editor occurs when cursor position becomes invalid and points beyond line boundaries, potentially cau...

CVE-2024-43374 is a use-after-free vulnerability in Vim's argument list handling that can cause the editor to crash. It affects users running Vim vers...

This CVE describes a double-free vulnerability in Vim's dialog_changed() function that occurs when abandoning an unnamed modified buffer. The vulnerab...

CVE-2024-22667 is a stack-based buffer overflow vulnerability in Vim's map.c file where the did_set_langmap function uses sprintf to write to an error...

CVE-2023-5344 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 9.0.1969. Attackers can exploit this by tricking user...

CVE-2023-4750 is a use-after-free vulnerability in Vim text editor that could allow an attacker to execute arbitrary code by tricking a user into open...

CVE-2023-4751 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 9.0.1331. Attackers can exploit this by tricking user...

CVE-2023-4736 is an untrusted search path vulnerability in Vim that allows attackers to execute arbitrary code by placing malicious files in directori...

An integer overflow vulnerability in Vim before version 9.0.1846 allows attackers to cause a denial of service or potentially execute arbitrary code b...

This vulnerability is a divide-by-zero error in Vim text editor versions 9.0.1367-1 through 9.0.1367-3. It allows attackers to crash Vim by opening sp...

CVE-2023-1127 is a divide-by-zero vulnerability in Vim text editor that can cause a crash or potentially allow arbitrary code execution when processin...

CVE-2022-2598 is an out-of-bounds write vulnerability in Vim's API that could allow arbitrary code execution when processing specially crafted input. ...

CVE-2022-2522 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 9.0.0061. Attackers can exploit this by tricking user...

This CVE describes a Use After Free vulnerability in Vim text editor versions prior to 9.0.0046. Attackers can exploit this memory corruption flaw by ...

CVE-2022-2210 is an out-of-bounds write vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code by tri...

CVE-2022-2207 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code ...

CVE-2022-2206 is an out-of-bounds read vulnerability in Vim text editor versions prior to 8.2. This allows attackers to read sensitive memory contents...

CVE-2022-2182 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code ...

CVE-2022-2175 is a buffer over-read vulnerability in Vim text editor versions prior to 8.2. This allows attackers to read memory beyond allocated buff...

CVE-2022-2129 is an out-of-bounds write vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code by tri...

CVE-2022-2125 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code ...

CVE-2022-2124 is a buffer over-read vulnerability in Vim text editor that allows reading beyond allocated memory boundaries. This affects users runnin...

CVE-2022-2042 is a use-after-free vulnerability in Vim text editor versions prior to 8.2. This memory corruption flaw could allow attackers to execute...

CVE-2022-2000 is an out-of-bounds write vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code by tri...

CVE-2022-1968 is a use-after-free vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code by tricking ...

CVE-2022-1897 is an out-of-bounds write vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code by tri...

CVE-2022-1898 is a use-after-free vulnerability in Vim text editor that allows attackers to execute arbitrary code by tricking users into opening spec...

CVE-2022-1735 is a classic buffer overflow vulnerability in Vim text editor versions prior to 8.2.4969. Attackers can exploit this by tricking users i...

CVE-2022-1733 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2.4968. Attackers can exploit this by tricking user...

CVE-2022-1629 is a buffer over-read vulnerability in Vim's find_next_quote function that could allow attackers to crash the application, modify memory...

CVE-2022-1619 is a heap-based buffer overflow vulnerability in Vim's command-line editing function that could allow attackers to crash the application...

CVE-2022-1616 is a use-after-free vulnerability in Vim's append_command function that allows attackers to crash the application, bypass memory protect...

CVE-2022-1381 is a heap buffer overflow vulnerability in Vim's skip_range function that allows attackers to crash the application, bypass memory prote...

CVE-2022-1154 is a use-after-free vulnerability in Vim's utf_ptr2char function that could allow an attacker to execute arbitrary code or cause a denia...

CVE-2022-0943 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2.4563. Attackers can exploit this by tricking user...

CVE-2022-0729 is a use-after-free vulnerability in Vim's memory handling that allows an attacker to execute arbitrary code by tricking a user into ope...

CVE-2022-0685 is a memory corruption vulnerability in Vim text editor caused by an out-of-range pointer offset. Attackers can exploit this by tricking...

CVE-2022-0629 is a stack-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code...

CVE-2022-0443 is a use-after-free vulnerability in Vim text editor versions prior to 8.2. This memory corruption flaw could allow attackers to execute...

CVE-2022-0417 is a heap-based buffer overflow vulnerability in Vim text editor versions prior to 8.2. This allows attackers to execute arbitrary code ...