Stack Out-of-Bounds Write in Vim Text Editor
CVE-2026-57455

4 MEDIUM

Key Information:

Vendor

Vim

Status
Vendor
CVE Published: 25 June 2026

What is CVE-2026-57455?

A vulnerability in Vim, an open-source command-line text editor, allows a stack out-of-bounds write under specific conditions. The issue is in the spell_soundfold_sofo() function: prior to version 9.2.0698, the output index advances without a bounds check, which can corrupt the call frame. This occurs when longer words are processed while a SOFO-based spell language is active; the function writes past the allocated buffer and ultimately crashes the editor. Users should upgrade to version 9.2.0698 to mitigate this risk.

Affected Version(s)

vim < 9.2.0698
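To check a host against the affected range above, the following added example (not part of the original advisory or of Vim) parses `vim --version` output and reports whether patch 9.2.0698 is included. The sample outputs are constructed, and the function names are hypothetical.

```python
import re
import subprocess

FIXED = (9, 2, 698)  # fixed release named in the advisory: 9.2.0698

# Constructed samples of the first lines of `vim --version` output.
SAMPLES = {
    "older_release": "VIM - Vi IMproved 9.1 (constructed sample)\nIncluded patches: 1-1200\n",
    "one_short": "VIM - Vi IMproved 9.2 (constructed sample)\nIncluded patches: 1-697\n",
    "fixed": "VIM - Vi IMproved 9.2 (constructed sample)\nIncluded patches: 1-698\n",
    "cherry_picked": "VIM - Vi IMproved 9.2 (constructed sample)\nIncluded patches: 1-650, 700\n",
}

def parse_vim_version(text):
    """Return (major, minor, [(lo, hi), ...]) from `vim --version` text."""
    banner = re.search(r"VIM - Vi IMproved (\d+)\.(\d+)", text)
    if banner is None:
        raise ValueError("not vim --version output")
    ranges = []
    listed = re.search(r"^Included patches:[ \t]*(.+)$", text, re.MULTILINE)
    if listed:  # the line is absent on a build with no patches applied
        for item in filter(str.strip, listed.group(1).split(",")):
            lo, _, hi = item.strip().partition("-")
            ranges.append((int(lo), int(hi or lo)))
    return int(banner.group(1)), int(banner.group(2)), ranges

def has_fix(text):
    """True when the reported version includes patch 9.2.0698."""
    major, minor, ranges = parse_vim_version(text)
    if (major, minor) != FIXED[:2]:
        # Patch numbers restart per release, so only compare the release.
        return (major, minor) > FIXED[:2]
    # A cherry-picked list such as "1-650, 700" does not contain 698.
    return any(lo <= FIXED[2] <= hi for lo, hi in ranges)

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {'fixed' if has_fix(text) else 'affected'}")
    try:  # also check the vim on PATH, if there is one
        out = subprocess.run(["vim", "--version"], capture_output=True,
                             text=True, check=True).stdout
        print("installed vim:", "fixed" if has_fix(out) else "affected")
    except (OSError, subprocess.CalledProcessError, ValueError) as exc:
        print("could not check installed vim:", exc)
```

A distribution package can carry a backported fix without listing patch 698, and this check reports such a build as affected, so confirm against the distribution's own advisory before treating the result as final.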

CVSS V4

Score: 4
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
