An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.
[
{
"source": "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75",
"target": {
"function": "unserialize_uep",
"file": "src/undo.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2017-6350-45004407",
"digest": {
"length": 1005.0,
"function_hash": "286491319355190101028972904969148719587"
},
"signature_type": "Function"
},
{
"source": "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75",
"target": {
"file": "src/version.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2017-6350-a4d6db68",
"digest": {
"threshold": 0.9,
"line_hashes": [
"146200493773228420153804765641940418619",
"136613725602200377973631259761223677009",
"282512205939074534309079704841984673574",
"111386225882856820865261122546594448029"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75",
"target": {
"file": "src/undo.c"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2017-6350-cd0bdf47",
"digest": {
"threshold": 0.9,
"line_hashes": [
"289108561216949500740151287674977158828",
"194331739710074178445419108733655364803",
"56555780346878005066323392529368040127",
"17654039463023166988009170897248578708",
"79334838808671219938700096094665296728",
"164266566388636007425373668548842938289",
"98099726582984529493909519202975347143",
"173534883637788049095517056064200278591",
"176631206886677703576570526280540820505",
"190112476072864408762687844683950551196",
"169700040885030606809190026883422222851",
"207415418245936541918473735204759619403",
"307149350828111327855601206950795001537"
]
},
"signature_type": "Line"
}
]