CVE-2026-57454 - Vim: Out-of-bounds Read with Text Properties
CVE ID :CVE-2026-57454
Published : June 25, 2026, 3:24 p.m. | 1 hour, 16 minutes ago
Description :Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : June 25, 2026, 3:24 p.m. | 1 hour, 16 minutes ago
Description :Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...