Impact
The vulnerability is located in Vim’s get_text_props() function, which reads a stored property count and incorrectly assumes the data length matches the count. When the count is fabricated to be large while the actual buffer contains little data, Vim reads past the end of the line buffer, corrupting memory and resulting in a crash. The flaw is a classic out‑of‑bounds read (CWE‑125) that triggers a denial‑of‑service by crashing the editor.
Affected Systems
Any installation of the Vim text editor older than version 9.2.0670 is affected. The issue was present before the 9.2.0670 release and was addressed in that release. Users running earlier Vim releases should inspect whether they are using autostart or open recent undo files that may contain malicious data.
Risk and Exploitability
With a CVSS base score of 5.3 the risk is moderate. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, indicating no known operational exploitation. The likely attack vector is local or remote if an attacker can place a crafted undo file in a location where Vim will load it. The flaw is a memory corruption that requires the victim to load the malicious data; it does not provide remote code execution or privilege escalation.
OpenCVE Enrichment