USN-7048-1: Vim vulnerability
1 October 2024
Vim could be made to crash if it received specially crafted input.
Releases
Packages
- vim - Vi IMproved - enhanced vi editor
Details
Suyue Guo discovered that Vim incorrectly handled memory when flushing the
typeahead buffer, leading to heap-buffer-overflow. An attacker could
possibly use this issue to cause a denial of service.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.04
Ubuntu 22.04
Ubuntu 20.04
Ubuntu 18.04
-
vim
-
2:8.0.1453-1ubuntu1.13+esm10
Available with Ubuntu Pro
Ubuntu 16.04
-
vim
-
2:7.4.1689-3ubuntu1.5+esm25
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-7048-2: vim-tiny, vim-runtime, vim-gui-common, vim-doc, vim-gnome, vim-common, vim-lesstif, vim-gtk, vim-nox, vim, vim-athena