DEBIAN-CVE-2025-24014

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-24014

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-24014.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-24014

Upstream

CVE-2025-24014

Published

2025-01-20T23:15:07Z

Modified

2025-09-30T05:20:21.969731Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H CVSS Calculator

Summary

[none]

Details

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

References

https://security-tracker.debian.org/tracker/CVE-2025-24014

Affected packages

Debian:11 / vim

Package

Name: vim
Purl: pkg:deb/debian/vim?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:8.*

2:8.2.2434-3

2:8.2.2434-3+deb11u1

2:8.2.2434-3+deb11u2

2:8.2.2434-3+deb11u3

2:8.2.3455-1

2:8.2.3455-2

2:8.2.3565-1

2:8.2.3995-1

2:8.2.4659-1

2:8.2.4793-1

2:9.*

2:9.0.0135-1

2:9.0.0229-1

2:9.0.0242-1

2:9.0.0626-1

2:9.0.0813-1

2:9.0.1000-1

2:9.0.1000-2

2:9.0.1000-3

2:9.0.1000-4

2:9.0.1378-1

2:9.0.1378-2

2:9.0.1658-1

2:9.0.1672-1

2:9.0.1894-1

2:9.0.2018-1

2:9.0.2087-1

2:9.0.2103-1

2:9.0.2116-1

2:9.0.2189-1

2:9.1.0-1

2:9.1.0016-1

2:9.1.0199-1

2:9.1.0374-1

2:9.1.0377-1

2:9.1.0496-1

2:9.1.0698-1

2:9.1.0709-1

2:9.1.0709-2

2:9.1.0777-1

2:9.1.0861-1

2:9.1.0967-1

2:9.1.0967-2

2:9.1.1113-1

2:9.1.1230-1

2:9.1.1230-2

2:9.1.1385-1

2:9.1.1766-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / vim

Package

Name: vim
Purl: pkg:deb/debian/vim?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2:9.*

2:9.0.1378-2

2:9.0.1378-2+deb12u1

2:9.0.1378-2+deb12u2

2:9.0.1658-1

2:9.0.1672-1

2:9.0.1894-1

2:9.0.2018-1

2:9.0.2087-1

2:9.0.2103-1

2:9.0.2116-1

2:9.0.2189-1

2:9.1.0-1

2:9.1.0016-1

2:9.1.0199-1

2:9.1.0374-1

2:9.1.0377-1

2:9.1.0496-1

2:9.1.0698-1

2:9.1.0709-1

2:9.1.0709-2

2:9.1.0777-1

2:9.1.0861-1

2:9.1.0967-1

2:9.1.0967-2

2:9.1.1113-1

2:9.1.1230-1

2:9.1.1230-2

2:9.1.1385-1

2:9.1.1766-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / vim

Package

Name: vim
Purl: pkg:deb/debian/vim?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:9.1.1113-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / vim

Package

Name: vim
Purl: pkg:deb/debian/vim?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:9.1.1113-1

Ecosystem specific

{
    "urgency": "unimportant"
}