CVE-2025-24014

EUVD-2025-3594
Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.2 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
GitHub_MCNA
4.2 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
vimvim
𝑥
< 9.1.1043
netapphci_compute_node_firmware
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bookworm
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
2:9.1.2141-1
fixed
sid
2:9.1.2141-1
fixed
trixie
2:9.1.1230-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vim
bionic
Fixed 2:8.0.1453-1ubuntu1.13+esm13
released
focal
Fixed 2:8.1.2269-1ubuntu5.31
released
jammy
Fixed 2:8.2.3995-1ubuntu2.23
released
noble
Fixed 2:9.1.0016-1ubuntu7.7
released
oracular
Fixed 2:9.1.0496-1ubuntu6.4
released
plucky
Fixed 2:9.1.0967-1ubuntu4
released
questing
Fixed 2:9.1.0967-1ubuntu4
released
trusty
Fixed 2:7.4.052-1ubuntu3.1+esm22
released
xenial
Fixed 2:7.4.1689-3ubuntu1.5+esm28
released
Common Weakness Enumeration
References
https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919
https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955
http://www.openwall.com/lists/oss-security/2025/01/20/4
http://www.openwall.com/lists/oss-security/2025/01/21/1
https://security.netapp.com/advisory/ntap-20250314-0005/