CVE-2026-57454

MEDIUM

Vim: Out-of-bounds Read with Text Properties

Title source: cna
STIX 2.1

Description

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679.

References (3)

Core 3

Scores

CVSS v3 6.1
EPSS 0.0012
EPSS Percentile 2.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125
Status published
Products (2)
vim/vim 9.2.0320 - 9.2.0679
vim/vim >= 9.2.0320, < 9.2.0679
Published Jun 25, 2026
Tracked Since Jun 25, 2026