MGASA-2017-0275
- Source
- https://advisories.mageia.org/MGASA-2017-0275.html
- Import Source
- https://advisories.mageia.org/MGASA-2017-0275.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2017-0275
- Related
- Published
- 2017-08-17T08:02:00Z
- Modified
- 2017-08-17T07:41:16Z
- Summary
- Updated vim packages fix security vulnerabilities
- Details
-
Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened (CVE-2016-1248).
A vulnerability has been discovered in Vim where a malformed spell file could cause an integer overflow which is used as the size for memory allocation, resulting in a subsequent buffer overflow (CVE-2017-5953).
An integer overflow flaw was found in the way vim handled undo files. This bug could result in vim crashing when trying to process corrupted undo files (CVE-2017-6349).
An integer overflow flaw was found in the way vim handled tree length values when reading an undo file. This bug could result in vim crashing when trying to process corrupted undo files (CVE-2017-6350).
- References
-
- https://advisories.mageia.org/MGASA-2017-0275.html
- https://bugs.mageia.org/show_bug.cgi?id=19829
- https://www.debian.org/security/2016/dsa-3722
- https://www.debian.org/security/2017/dsa-3786
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JYVF3KT6EAEDFGLP5STYMQ7VRJDMK66G/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / vim
Package
- Name
- vim
- Purl
- pkg:rpm/mageia/vim?distro=mageia-5