Vulnerability DatabaseCVE-2025-24014

CVE-2025-24014:
Vim vulnerability analysis and mitigation

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

Source: NVD

4.2

Score

Published January 20, 2025

Severity MEDIUM

CNA Score 4.2

Affected Technologies

Vim
Linux Red Hat

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 13.6

Exploitation Probability (EPSS) N/A

Sources

NVD
Alpine Security Tracker
- Alpine 3.21, edge Severity MEDIUMHas FixAdded at: Feb 16, 2025
- Alpine 3.22 Severity MEDIUMHas FixAdded at: Jun 01, 2025
CBL-Mariner
- CBL-Mariner 2.0 Severity MEDIUMHas FixAdded at: Feb 02, 2025
- CBL-Mariner 3.0 Severity MEDIUMHas FixAdded at: May 04, 2025
Debian Security Tracker
- Debian 11, 12 Severity LOWNo FixAdded at: Jan 22, 2025
- Debian 13 Severity LOWHas FixAdded at: Jan 22, 2025
Red Hat Errata
- Red Hat 6, 7, 8, 9 Severity LOWNo FixAdded at: Jan 22, 2025
Ubuntu Security Tracker
- Ubuntu 20.04, 22.04, 24.10 Severity MEDIUMHas FixAdded at: Feb 11, 2025
- Ubuntu 24.04 Severity MEDIUMHas FixAdded at: Apr 03, 2025
- Ubuntu 25.04 Severity MEDIUMHas FixAdded at: May 08, 2025
VulnCheck NVD++
- Linux Severity MEDIUMHas FixAdded at: Jan 21, 2025
- Windows Severity MEDIUMHas FixAdded at: Jan 21, 2025