7.8
CVE-2016-1248
- EPSS 25.31%
- Veröffentlicht 23.11.2016 15:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@debian.org
- CVE-Watchlists
- Unerledigt
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 25.31% | 0.977 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://openwall.com/lists/oss-security/2016/11/22/20
http://rhn.redhat.com/errata/RHSA-2016-2972.html
http://www.debian.org/security/2016/dsa-3722
http://www.securityfocus.com/bid/94478
http://www.securitytracker.com/id/1037338
http://www.ubuntu.com/usn/USN-3139-1
https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
https://github.com/vim/vim/releases/tag/v8.0.0056
https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html
https://lists.debian.org/debian-security-announce/2016/msg00305.html
https://security.gentoo.org/glsa/201701-29