CVE-2026-45130

EPSS 0%
Veröffentlicht 08.05.2026 22:42:35
Zuletzt bearbeitet 14.05.2026 06:16:23
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Vim: Heap Buffer Overflow in spell file loading

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 7

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellervim

≫

Produkt vim

Version < 9.2.0450

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0%	0.002

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.6	1.8	4.7	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://github.com/vim/vim/security/advisories/GHSA-q4jv-r9gj-6cwv

https://github.com/vim/vim/commit/92993329178cb1f72d700fff45ca86e1c2d369f8

https://github.com/vim/vim/releases/tag/v9.2.0450

http://www.openwall.com/lists/oss-security/2026/05/14/3

https://nvd.nist.gov/vuln/detail/CVE-2026-45130

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-45130

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-45130

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-45130