DEBIAN-CVE-2025-24014

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2025-24014

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-24014.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-24014

Upstream

CVE-2025-24014

Published

2025-01-20T23:15:07Z

Modified

2025-09-19T06:07:19Z

Summary

[none]

Details

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

References

https://security-tracker.debian.org/tracker/CVE-2025-24014

Affected packages

Debian:13 / vim

Package

Name: vim
Purl: pkg:deb/debian/vim?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:9.1.1113-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / vim

Package

Name: vim
Purl: pkg:deb/debian/vim?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:9.1.1113-1

Ecosystem specific

{
    "urgency": "unimportant"
}