Bug 947924 (CVE-2025-22134) - app-editors/vim: heap-buffer-overflow when switching buffers in visual mode
Summary: app-editors/vim: heap-buffer-overflow when switching buffers in visual mode
Status: CONFIRMED
Alias: CVE-2025-22134
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/vim/vim/security/a...
Whiteboard: A4 [ebuild]
Reported: 2025-01-11 20:36 UTC by Hank Leininger
Modified: 2025-01-12 07:33 UTC

Description Hank Leininger 2025-01-11 20:36:37 UTC
From $URL:

###
Summary

A heap-buffer-overflow with visual mode was found in Vim < 9.1.1003

Impact

When switching to other buffers using the :all command and visual mode
still being active, this may cause a heap-buffer overflow, because Vim
does not properly end visual mode and therefore may try to access
beyond the end of a line in a buffer.

In Patch 9.1.1003 Vim will correctly reset the visual mode before
opening other windows and buffers and therefore fix this bug. In
addition it does verify that it won't try to access a position if the
position is greater than the corresponding buffer line.

Impact is medium since the user must have switched on visual mode when
executing the :all ex command.

The Vim project would like to thank github user gandalf4a for reporting
this issue.

The issue has been fixed as of Vim patch v9.1.1003
###

The heading says "heap-buffer-overflow in patch 9.1.0938" but the advisory details say nothing about when the issue was introduced, and only say < 9.1.1003. My guess is the mention of 9.1.0938 is simply the version it was discovered on.
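
The two mitigations the quoted advisory describes (ending visual mode before another buffer is opened, and refusing a position that lies beyond its buffer line) are shown below as an added example. It is a simplified model, not Vim source and not part of the original report; all type names, function names and sample lines are hypothetical and constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT Vim source: every name here is hypothetical. */
typedef struct { const char **lines; size_t nlines; } buffer_t;
typedef struct { size_t lnum, col; } pos_t;            /* 0-based */
typedef struct {
    const buffer_t *curbuf;
    int visual_active;
    pos_t visual_start;          /* only meaningful for the buffer it was set in */
} editor_t;

/* Check from the advisory: reject a position beyond the end of its line.
 * col == strlen(line) addresses the terminating NUL and is still in bounds. */
int pos_is_valid(const buffer_t *buf, pos_t p)
{
    return p.lnum < buf->nlines && p.col <= strlen(buf->lines[p.lnum]);
}

/* Reset from the advisory: end visual mode before opening another buffer. */
void switch_buffer(editor_t *ed, const buffer_t *next)
{
    ed->visual_active = 0;
    ed->visual_start = (pos_t){ 0, 0 };
    ed->curbuf = next;
}

/* Byte at the visual start, or -1 rather than reading outside the line. */
int char_at_visual_start(const editor_t *ed)
{
    pos_t p = ed->visual_start;
    if (!ed->visual_active || !pos_is_valid(ed->curbuf, p))
        return -1;
    return (unsigned char)ed->curbuf->lines[p.lnum][p.col];
}

/* Constructed input. mode 0: no switch; 1: buffer changed with visual state
 * left stale (the condition the advisory describes); 2: switch_buffer(). */
int demo(int mode)
{
    static const char *a_lines[] = { "a long line in the first buffer" };
    static const char *b_lines[] = { "ab" };
    buffer_t a = { a_lines, 1 }, b = { b_lines, 1 };
    editor_t ed = { &a, 1, { 0, 20 } };
    if (mode == 1) ed.curbuf = &b;             /* stale column 20 on a 2-byte line */
    if (mode == 2) switch_buffer(&ed, &b);
    return char_at_visual_start(&ed);
}

int main(void) { printf("%d %d %d\n", demo(0), demo(1), demo(2)); return 0; }
```

In mode 1 the bounds check alone stops the read; in mode 2 the reset means the stale position is never consulted, which is why the advisory describes the patch as doing both.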