CVE-2025-24014

Publication date 21 January 2025

Last updated 21 January 2025

Ubuntu priority

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
vim	24.10 oracular	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2025-24014
https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955
https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919
http://www.openwall.com/lists/oss-security/2025/01/20/4
http://www.openwall.com/lists/oss-security/2025/01/21/1