Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 14 Aug 2025 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Netapp
Netapp hci Compute Node
Netapp hci Compute Node Firmware
CPEs cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*
cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*
cpe:2.3:o:netapp:hci_compute_node_firmware:-:*:*:*:*:*:*:*
Vendors & Products Netapp
Netapp hci Compute Node
Netapp hci Compute Node Firmware

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00041}

epss

{'score': 0.00045}


Fri, 14 Mar 2025 10:45:00 +0000

Type Values Removed Values Added
References

Tue, 21 Jan 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 21 Jan 2025 15:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Low


Tue, 21 Jan 2025 03:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Jan 2025 01:45:00 +0000

Type Values Removed Values Added
References

Mon, 20 Jan 2025 23:00:00 +0000

Type Values Removed Values Added
Description Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.
Title segmentation fault in win_line() in Vim < 9.1.1043
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-03-14T10:03:09.511Z

Reserved: 2025-01-16T17:31:06.458Z

Link: CVE-2025-24014

cve-icon Vulnrichment

Updated: 2025-03-14T10:03:09.511Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-20T23:15:07.730

Modified: 2025-08-14T01:40:54.367

Link: CVE-2025-24014

cve-icon Redhat

Severity : Low

Publid Date: 2025-01-20T22:53:14Z

Links: CVE-2025-24014 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-07-13T11:07:12Z