AZL-66683

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66683.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-66683

Upstream

CVE-2025-9390

Published

2025-08-24T14:15:32Z

Modified

2026-04-21T04:37:56.597845Z

Summary

CVE-2025-9390 affecting package vim for versions less than 9.1.1616-1

Details

A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-9390

Affected packages

Azure Linux:3 / vim

Package

Name: vim
Purl: pkg:rpm/azure-linux/vim

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.1616-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66683.json"