Description
Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679.
Published: 2026-06-25
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Vim allows a virtual‑text property in undo or swap files to reference data outside the normal property list. When Vim restores or displays such a line, it converts the out‑of‑range offset into a memory pointer and reads the virtual text without bounds checking, resulting in an out‑of‑bounds read. The effect is a program crash or potential disclosure of adjacent heap memory. This flaw is categorized as CWE‑125.

Affected Systems

The vulnerability exists in the Vim text editor, specifically in embedded build 9.2.0320 up to 9.2.0678. All installations of Vim that utilize undo or swap files created by these versions are affected; installing or running Vim 9.2.0679 or later removes the vulnerability.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity. The EPSS score is currently not available and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local: an attacker must supply a crafted undo or swap file that Vim will load, for example by placing a malicious file on the file system or manipulating an existing undo file. Remote exploitation is not supported by the information provided. Given these constraints, the risk is elevated for systems that process untrusted undo or swap files but remains lower for environments with strict file‑access controls.

Generated by OpenCVE AI on June 25, 2026 at 16:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Vim to version 9.2.0679 or later to eliminate the vulnerability.
  • Delete any undo (.undo) or swap (.swp) files that were created by vulnerable Vim releases before restoring or opening them.
  • Restrict file creation for undo or swap files to trusted users or relocate Vim’s swap directory to a secure location to prevent untrusted files from being processed.

Generated by OpenCVE AI on June 25, 2026 at 16:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Fri, 26 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Vim
Vim vim
Vendors & Products Vim
Vim vim

Thu, 25 Jun 2026 15:45:00 +0000

Type Values Removed Values Added
Description Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679.
Title Vim: Out-of-bounds Read with Text Properties
Weaknesses CWE-125
References
Metrics cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-26T18:43:15.704Z

Reserved: 2026-06-24T13:21:20.730Z

Link: CVE-2026-57454

cve-icon Vulnrichment

Updated: 2026-06-26T17:50:57.229Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T15:24:54Z

Links: CVE-2026-57454 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T22:15:04Z

Weaknesses