Loading market data...
← Back to CVE feed

CVE-2026-57454

MEDIUM CVSS 6.1 View on NVD ↗

Description

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Affected Products

vim/vim
Published: Jun 25, 2026 16:16 UTC Modified: Jun 26, 2026 04:22 UTC