CVE-2016-1248

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
vimvim
𝑥
≤ 8.0.0055
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
neovim
bookworm
0.7.2-7
fixed
bullseye
0.4.4-1
fixed
sid
0.9.5-10
fixed
trixie
0.9.5-10
fixed
vim
bookworm
2:9.0.1378-2
fixed
bullseye
2:8.2.2434-3+deb11u1
fixed
sid
2:9.1.0777-1
fixed
trixie
2:9.1.0777-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
neovim
precise
dne
trusty
dne
xenial
dne
yakkety
dne
zesty
not-affected
vim
precise
Fixed 2:7.3.429-2ubuntu2.2
released
trusty
Fixed 2:7.4.052-1ubuntu3.1
released
xenial
Fixed 2:7.4.1689-3ubuntu1.2
released
yakkety
Fixed 2:7.4.1829-1ubuntu2.1
released
zesty
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gvim
suse enterprise sap 12 SP1
7.4.326-7.1
fixed
suse enterprise sap 12 SP2
7.4.326-7.1
fixed
suse enterprise sap 12 SP5
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP1
7.4.326-7.1
fixed
suse enterprise server 12 SP2
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP3
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP4
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP5
9.0.0814-17.9.1
fixed
vim
suse enterprise sap 12 SP1
7.4.326-7.1
fixed
suse enterprise sap 12 SP2
7.4.326-7.1
fixed
suse enterprise sap 12 SP5
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP1
7.4.326-7.1
fixed
suse enterprise server 12 SP2
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP3
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP4
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP5
9.0.0814-17.9.1
fixed
vim-data
suse enterprise sap 12 SP1
7.4.326-7.1
fixed
suse enterprise sap 12 SP2
7.4.326-7.1
fixed
suse enterprise sap 12 SP5
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP1
7.4.326-7.1
fixed
suse enterprise server 12 SP2
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP3
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP4
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP5
9.0.0814-17.9.1
fixed
vim-data-common
suse enterprise sap 12 SP5
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP2
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP3
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP4
9.0.0814-17.9.1
fixed
suse enterprise server 12 SP5
9.0.0814-17.9.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
vim-X11
RHEL 6
2:7.4.629-5.el6_8.1
fixed
RHEL 7
2:7.4.160-1.el7_3.1
fixed
vim-common
RHEL 6
2:7.4.629-5.el6_8.1
fixed
RHEL 7
2:7.4.160-1.el7_3.1
fixed
vim-enhanced
RHEL 6
2:7.4.629-5.el6_8.1
fixed
RHEL 7
2:7.4.160-1.el7_3.1
fixed
vim-filesystem
RHEL 6
2:7.4.629-5.el6_8.1
fixed
RHEL 7
2:7.4.160-1.el7_3.1
fixed
vim-minimal
RHEL 6
2:7.4.629-5.el6_8.1
fixed
RHEL 7
2:7.4.160-1.el7_3.1
fixed
Common Weakness Enumeration
References
http://openwall.com/lists/oss-security/2016/11/22/20
http://rhn.redhat.com/errata/RHSA-2016-2972.html
http://www.debian.org/security/2016/dsa-3722
http://www.securityfocus.com/bid/94478
http://www.securitytracker.com/id/1037338
http://www.ubuntu.com/usn/USN-3139-1
https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
https://github.com/vim/vim/releases/tag/v8.0.0056
https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html
https://lists.debian.org/debian-security-announce/2016/msg00305.html
https://security.gentoo.org/glsa/201701-29
http://openwall.com/lists/oss-security/2016/11/22/20
http://rhn.redhat.com/errata/RHSA-2016-2972.html
http://www.debian.org/security/2016/dsa-3722
http://www.securityfocus.com/bid/94478
http://www.securitytracker.com/id/1037338
http://www.ubuntu.com/usn/USN-3139-1
https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
https://github.com/vim/vim/releases/tag/v8.0.0056
https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html
https://lists.debian.org/debian-security-announce/2016/msg00305.html
https://security.gentoo.org/glsa/201701-29