Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2026-25749

Опубликовано: 06 фев. 2026
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS3: 6.6

Описание

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.

РелизСтатусПримечание
devel

not-affected

2:9.1.2141-1ubuntu1
esm-infra-legacy/trusty

released

2:7.4.052-1ubuntu3.1+esm23
esm-infra/bionic

released

2:8.0.1453-1ubuntu1.13+esm14
esm-infra/focal

released

2:8.1.2269-1ubuntu5.32+esm2
esm-infra/xenial

released

2:7.4.1689-3ubuntu1.5+esm29
jammy

released

2:8.2.3995-1ubuntu2.26
noble

released

2:9.1.0016-1ubuntu7.10
questing

released

2:9.1.0967-1ubuntu6.1
upstream

released

9.1.2132

Показывать по

Ссылки на источники

EPSS

Процентиль: 0%
0.00005
Низкий

6.6 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2026-25749

CVSS3: 7.3
redhat
около 2 месяцев назад

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.

nvd логотип

CVE-2026-25749

CVSS3: 6.6
nvd
около 2 месяцев назад

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.

debian логотип

CVE-2026-25749

CVSS3: 6.6
debian
около 2 месяцев назад

Vim is an open source, command line text editor. Prior to version 9.1. ...

redos логотип

ROS-20260319-73-0035

CVSS3: 6.6
redos
8 дней назад

Уязвимость vim

rocky логотип

RLSA-2026:4442

rocky
14 дней назад

Moderate: vim security update

EPSS

Процентиль: 0%
0.00005
Низкий

6.6 Medium

CVSS3