Buffer overflow in Vifm
CVE-2026-8997
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, po…
Vulnerability class: Buffer Overflow
EPSS: 0.000 (6.5th percentile)
Affected products
- Vifm — versions 0.12.1
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (patch)