vim (Vi IMproved) : security update to 9.1.0404 #5897

MingcongBai · 2024-05-10T12:57:06Z

Affected package (and version)

vim <= 9.1.0403

CVE ID(s)

N/A

Severity

Low

Other security advisory ID(s）

N/A

Description/References

When outputting colored hexdumps using the -R command line flag,
together with -g1 (group every byte), -c 256 (format 256 octets per
line), -d (show offsets in decimal) and -o <large_numer> (add offset to
the file position), the buffer used to write to may overflow.

Impact is low since the user must intentionally execute xxd with several
non-default flags, but it may cause a crash of xxd.

Patch(es)/Solution(s)

Update.

The text was updated successfully, but these errors were encountered:

MingcongBai · 2024-05-10T13:04:09Z

Not yet released at the time of writing.

MingcongBai added upgrade Topic/issue involves a package upgrade security Topic/issue involves a security issue/fixed labels May 10, 2024

MingcongBai linked a pull request May 28, 2024 that will close this issue

vim: update to 9.1.0446 #6349

Merged

7 tasks

MingcongBai closed this as completed in #6349 May 28, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

vim (Vi IMproved) : security update to 9.1.0404 #5897

vim (Vi IMproved) : security update to 9.1.0404 #5897

MingcongBai commented May 10, 2024 •

edited

MingcongBai commented May 10, 2024

vim (Vi IMproved) : security update to 9.1.0404 #5897

vim (Vi IMproved) : security update to 9.1.0404 #5897

Comments

MingcongBai commented May 10, 2024 • edited

Affected package (and version)

CVE ID(s)

Severity

Other security advisory ID(s）

Description/References

Patch(es)/Solution(s)

MingcongBai commented May 10, 2024

MingcongBai commented May 10, 2024 •

edited