vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3903) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927) A flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974) A flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984) A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. (CVE-2021-4019) vim is vulnerable to Use After Free (CVE-2021-4069) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4187) It was found that vim was vulnerable to use-after-free flaw in win_linetabsize(). Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. (CVE-2021-4192) It was found that vim was vulnerable to an out-of-bound read flaw in getvcol(). A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193) References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
vim vim |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |
Vulmon