USN-7748-1
- Source
- https://ubuntu.com/security/notices/USN-7748-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7748-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-7748-1
- Upstream
- Related
- Published
- 2025-09-15T13:18:35.498214Z
- Modified
- 2025-09-16T21:31:09.449194Z
- Summary
- vim vulnerabilities
- Details
-
It was discovered that Vim incorrectly handled file extraction when opening maliciously crafted zip or tar archives. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code.
- References
Affected packages
Ubuntu:24.04:LTS / vim
Package
- Name
- vim
- Purl
- pkg:deb/ubuntu/vim@2:9.1.0016-1ubuntu7.9?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:9.1.0016-1ubuntu7.9
Affected versions
2:9.*
2:9.0.1672-1ubuntu2
2:9.0.2087-1ubuntu1
2:9.0.2116-1ubuntu1
2:9.0.2116-1ubuntu2
2:9.0.2184-0ubuntu1
2:9.0.2189-1ubuntu1
2:9.1.0-1ubuntu1
2:9.1.0016-1ubuntu2
2:9.1.0016-1ubuntu6
2:9.1.0016-1ubuntu7
2:9.1.0016-1ubuntu7.1
2:9.1.0016-1ubuntu7.2
2:9.1.0016-1ubuntu7.3
2:9.1.0016-1ubuntu7.4
2:9.1.0016-1ubuntu7.5
2:9.1.0016-1ubuntu7.6
2:9.1.0016-1ubuntu7.7
2:9.1.0016-1ubuntu7.8
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-athena"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-common"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-gtk3"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-gui-common"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-motif"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-nox"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-runtime"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "vim-tiny"
},
{
"binary_version": "2:9.1.0016-1ubuntu7.9",
"binary_name": "xxd"
}
],
"availability": "No subscription required"
}
Ubuntu:25.04 / vim
Package
- Name
- vim
- Purl
- pkg:deb/ubuntu/vim@2:9.1.0967-1ubuntu4.1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:9.1.0967-1ubuntu4.1
Affected versions
2:9.*
2:9.1.0496-1ubuntu6
2:9.1.0777-1ubuntu1
2:9.1.0861-1ubuntu1
2:9.1.0967-1ubuntu2
2:9.1.0967-1ubuntu3
2:9.1.0967-1ubuntu4
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-athena"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-common"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-gtk3"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-gui-common"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-motif"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-nox"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-runtime"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "vim-tiny"
},
{
"binary_version": "2:9.1.0967-1ubuntu4.1",
"binary_name": "xxd"
}
],
"availability": "No subscription required"
}