Buffer Overflow Vulnerability in Vim Command Line Text Editor
CVE-2026-59857
5.6MEDIUM
What is CVE-2026-59857?
A vulnerability exists in Vim, an open source command line text editor, where a buffer overflow can be triggered through the spell_soundfold_sal() function. This function improperly manages memory, allowing a length check to be bypassed, which can lead to an overflow when processing certain words. Specifically, if a boundary-length word is passed to the soundfold() function, it may overwrite memory beyond the allocated stack, potentially crashing the editor. This issue has been resolved in version 9.2.0725.
Affected Version(s)
vim < 9.2.0725
