Bug 609150 (CVE-2017-5953) - <app-editors/{vim,gvim}-8.0.0386: Tree length values not validated properly when handling a spell file (CVE-2017-5953)
Summary: <app-editors/{vim,gvim}-8.0.0386: Tree length values not validated properly w...
Alias: CVE-2017-5953
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa cve]
Reported: 2017-02-12 17:34 UTC by ncl
Modified: 2017-06-22 19:20 UTC
Description ncl 2017-02-12 17:34:23 UTC
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
!topic/vim_dev/t-3RSdEnrHY
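The failure mode in the description, as an added example that is not part of the original report and is not Vim's code: a length read from a file header is multiplied by an element size before allocation, first without validation and then with it. The 4-byte big-endian count, the 32-bit size arithmetic, the one-byte-per-node bound, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed sample inputs: a 4-byte big-endian node count, then node bytes. */
static const unsigned char HOSTILE[] = { 0x40, 0x00, 0x00, 0x01, 0xAA, 0xBB };
static const unsigned char VALID[]   = { 0x00, 0x00, 0x00, 0x03, 0x01, 0x02, 0x03 };

static uint32_t read_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unvalidated pattern: the byte count is computed in 32 bits and wraps. */
static uint32_t unchecked_alloc_bytes(uint32_t len)
{
    return len * (uint32_t)sizeof(int32_t);
}

/* Validated pattern. Returns 0 and sets *idx (NULL for an empty tree),
 * or -1 for a length the input cannot back up. */
static int alloc_tree_index(const unsigned char *buf, size_t buflen,
                            int32_t **idx, uint32_t *len_out)
{
    *idx = NULL;
    *len_out = 0;
    if (buflen < 4)
        return -1;                           /* truncated header */
    uint32_t len = read_be32(buf);
    if (len > buflen - 4)
        return -1;                           /* more nodes than bytes left */
    if (len > SIZE_MAX / sizeof(int32_t))
        return -1;                           /* len * sizeof would overflow */
    if (len != 0 && (*idx = calloc(len, sizeof(int32_t))) == NULL)
        return -1;
    *len_out = len;
    return 0;
}

int main(void)
{
    int32_t *idx;
    uint32_t len;
    printf("unchecked size for hostile length: %u bytes\n",
           (unsigned)unchecked_alloc_bytes(read_be32(HOSTILE)));
    printf("hostile: %d\n", alloc_tree_index(HOSTILE, sizeof HOSTILE, &idx, &len));
    printf("valid:   %d\n", alloc_tree_index(VALID, sizeof VALID, &idx, &len));
    free(idx);
    return 0;
}
```

The hostile header claims 0x40000001 nodes, which the unchecked 32-bit multiplication turns into a 4-byte allocation; the validated path rejects it because the input holds only two node bytes.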
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2017-02-16 01:31:49 UTC
Thank you for the report
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-03 14:28:01 UTC
Added to an existing GLSA request.

Cleanup will happen in bug 611386.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2017-06-22 19:20:17 UTC
This issue was resolved and addressed in
 GLSA 201706-26 at
by GLSA coordinator Kristian Fiskerstrand (K_F).