Out-of-bounds Read in Vim

CVE-2026-57454

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such…

Vulnerability class: Buffer Overflow

Affected products

Vim — versions >= 9.2.0320, < 9.2.0679

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)