Segmentation Fault Vulnerability in Vim Text Editor
CVE-2025-24014

4.2 MEDIUM

Key Information:

Vendor

Vim

Status
Vendor
CVE Published:
20 January 2025

Badges

👾 Exploit Exists 📰 News Worthy

What is CVE-2025-24014?

This vulnerability in Vim arises from a segmentation fault that occurs when using the silent Ex mode (-s -e) with certain input. Although Vim’s interface does not display a screen in this mode, it is still possible to trigger scrolling functionality intended for GUI versions. Providing specific binary characters can lead to an attempt to access the ScreenLines pointer, which has not been properly allocated due to the lack of a display context. This issue can potentially lead to unpredictable behavior or application crashes. Users are advised to upgrade to Vim version 9.1.1043 or later, where this vulnerability has been addressed.

Affected Version(s)

vim < 9.1.1043
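
To check a host against the fixed version above, the following added example (not part of the original advisory or of Vim itself) classifies `vim --version` output. The function name `vim_fix_status` and the sample text are constructed for illustration, and it assumes any release newer than 9.1 already contains the fix.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a Vim build contains
# patch 9.1.1043 by reading `vim --version` output on stdin.
# Usage on a real host: vim --version | vim_fix_status

FIX_PATCH=1043   # from the page: fixed in Vim 9.1.1043

# Prints "patched", "vulnerable" or "unknown"; exit status 0, 1 or 2.
vim_fix_status() {
    awk -v fix="$FIX_PATCH" '
        # Banner, e.g.: VIM - Vi IMproved 9.1 (2024 Jan 02, compiled ...)
        /^VIM - Vi IMproved [0-9]+\.[0-9]+/ && !seen {
            split($5, v, "."); major = v[1] + 0; minor = v[2] + 0; seen = 1
        }
        # Patch list, e.g.: Included patches: 1-1016, 1018
        # Distro builds may skip or cherry-pick patches, so test membership
        # of the fix in each range instead of comparing the highest number.
        /^Included patches:/ {
            line = $0; sub(/^Included patches:[ \t]*/, "", line)
            n = split(line, tok, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                m = split(tok[i], r, "-")
                lo = r[1] + 0; hi = (m > 1 ? r[2] : r[1]) + 0
                if (lo <= fix && fix <= hi) has_fix = 1
            }
        }
        END {
            if (!seen) { print "unknown"; exit 2 }
            newer = (major > 9 || (major == 9 && minor > 1))
            if (newer || (major == 9 && minor == 1 && has_fix)) {
                print "patched"; exit 0
            }
            print "vulnerable"; exit 1
        }
    '
}

# Constructed sample output (not captured from a real system).
sample='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Jan 10 2025 00:00:00)
Included patches: 1-1016, 1018'
printf '%s\n' "$sample" | vim_fix_status || true   # prints: vulnerable
```

A build that lists `1-1042, 1050` is reported as vulnerable even though its highest patch number exceeds 1043, because the fix itself is missing from the list.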

News Articles

Vim Command Line Text Editor Segmentation Vulnerability Patched

Christian Brabandt, a prominent figure in the Vim community, announced the patching of a medium-severity segmentation fault vulnerability identified as CVE-2025-24014.

CVSS V3.1

Score:
4.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved
