CVE-2025-9389

Medium CVSS: 4.8

A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".

Vendor

Vim

Product

Vim

CWE

CWE-119

Yayın Tarihi

2025-08-24 13:15:29

Güncelleme

2025-09-12 18:38:34

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-119 Vim MEDIUM Vim 2025

Referanslar

https://drive.google.com/file/d/1iFbTpW79vqBPkFjWYzGYIh_E6esPhYVY/view?usp=sharing https://github.com/vim/vim/issues/17940 https://github.com/vim/vim/issues/17940#issuecomment-3203415781 https://vuldb.com/?ctiid.321222 https://vuldb.com/?id.321222 https://vuldb.com/?submit.630898 https://github.com/vim/vim/issues/17940 https://github.com/vim/vim/issues/17940#issuecomment-3203415781 https://vuldb.com/?submit.630898

Benzer Kayıtlar

Critical

CVE-2026-34714

Vim before 9.2.0272 allows code execution that happens immediately upon opening a crafted file in the default configurat…

Medium

CVE-2026-33412

Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in…

Medium

CVE-2026-32249

Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encoun…

Medium

CVE-2026-28418

Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds r…

Medium

CVE-2026-28419

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim'…

Medium

CVE-2026-28420

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an ou…