
Debian LTS: DLA-4097-1: vim Security Advisory Updates

March 30, 2025
Multiple vulnerabilities in vim affect Debian 11. Upgrading is recommended.
Multiple vulnerabilities were discovered in vim, an enhanced vi editor.

Summary

CVE-2021-3872

Heap-based buffer overflow possible if the buffer name is very long.

CVE-2021-4019

Heap-based buffer overflow possible with a very long help argument.

CVE-2021-4173

Double free in the VimScript9 compiler with a nested :def function.

CVE-2021-4187

Double free in the VimScript9 compiler if a nested function has a
line break in its argument list.

CVE-2022-0261

Buffer overflow in block insert, which goes over the end of the line.

CVE-2022-0351

In a command, a condition with many parentheses can cause a crash,
because there was previously no recursion limit.

CVE-2022-0359

A heap-based buffer overflow could occur with a large tabstop in Ex
mode.

CVE-2022-0361

A buffer overflow was found in the code copying lines in Visual
mode.

CVE-2022-0392

A heap-based buffer overflow was found in the code handling
bracketed paste in ex mode.

CVE-2022-0417

The ":retab 0" command may cause a buffer overflow because a limit
was set too high.

CVE-2022-0572



Severity: important

Package: vim
Version: 2:8.2.2434-3+deb11u3
CVE ID: CVE-2021-3872 CVE-2021-4019 CVE-2021-4173 CVE-2021-4187
Debian Bug: 1015984 1019590 1027146 1031875 1035955 1053694 1084806
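
An added example, not part of the Debian advisory: a check of installed vim package versions against the version listed above, using Debian's version ordering rules (epoch, upstream version, revision, with `~` sorting first). It assumes the Version field names the release that carries the fixes, as is the convention for DLA announcements; the host names and installed versions in the sample are constructed.

```python
import re
from itertools import zip_longest

FIXED = "2:8.2.2434-3+deb11u3"  # "Version" field of DLA-4097-1 (assumed fixed release)

def _order(c):
    # Debian ordering: '~' sorts before everything, even end of string;
    # letters sort before other punctuation; digits/end count as 0 here.
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs from left to right.
    runs_a = re.findall(r"(\D*)(\d*)", a)
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for x, y in zip_longest(ta, tb, fillvalue=""):
            if _order(x) != _order(y):
                return -1 if _order(x) < _order(y) else 1
        ia, ib = int(na or 0), int(nb or 0)  # numeric runs compare as integers
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(v):
    # epoch is before the first ':', revision is after the last '-'
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_cmp(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(installed, fixed=FIXED):
    return deb_cmp(installed, fixed) >= 0

if __name__ == "__main__":
    # Constructed inventory; on a real host the installed version comes from
    #   dpkg-query -W -f='${Version}' vim
    for host, ver in [("web1", "2:8.2.2434-3+deb11u1"), ("db1", FIXED)]:
        print(host, ver, "patched" if is_patched(ver) else "NEEDS UPGRADE")
```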
