CVE-2026-57454

CVE-2026-57454CVE-2026-57454

vim / vim

Description

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679.

Scoring

CVSS 6.1 ()
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Last modified2026-06-26
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.