Improper Input Validation Affecting vim package, versions <2:8.0.0095-1
Snyk CVSS
- Attack Complexity: Low
- User Interaction: Required
- Confidentiality: High
- Integrity: High
- Availability: High
Threat Intelligence
- EPSS: 80.03% (99th percentile)
- Snyk ID SNYK-DEBIAN11-VIM-520680
- published 23 Nov 2016
- disclosed 23 Nov 2016
Introduced: 23 Nov 2016
CVE-2016-1248
How to fix?
Upgrade Debian:11 vim to version 2:8.0.0095-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream vim package and not the vim package as distributed by Debian. See How to fix? for Debian:11 relevant fixed versions and status.
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.