AZL-55815

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55815.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-55815

Upstream

CVE-2025-24014

Published

2025-01-20T23:15:07Z

Modified

2026-04-01T05:18:44.397683Z

Summary

CVE-2025-24014 affecting package vim for versions less than 9.1.0791-3

Details

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-24014

Affected packages

Azure Linux:3 / vim

Package

Name: vim
Purl: pkg:rpm/azure-linux/vim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.0791-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-55815.json"