Impact
Vim allows a virtual‑text property in undo or swap files to reference data outside the normal property list. When Vim restores or displays such a line, it converts the out‑of‑range offset into a memory pointer and reads the virtual text without bounds checking, resulting in an out‑of‑bounds read. The effect is a program crash or potential disclosure of adjacent heap memory. This flaw is categorized as CWE‑125.
Affected Systems
The vulnerability exists in the Vim text editor, specifically in embedded build 9.2.0320 up to 9.2.0678. All installations of Vim that utilize undo or swap files created by these versions are affected; installing or running Vim 9.2.0679 or later removes the vulnerability.
Risk and Exploitability
The CVSS score of 6.8 indicates moderate severity. The EPSS score is currently not available and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local: an attacker must supply a crafted undo or swap file that Vim will load, for example by placing a malicious file on the file system or manipulating an existing undo file. Remote exploitation is not supported by the information provided. Given these constraints, the risk is elevated for systems that process untrusted undo or swap files but remains lower for environments with strict file‑access controls.
OpenCVE Enrichment