MGASA-2026-0240

Source
https://advisories.mageia.org/MGASA-2026-0240.html
Import Source
https://advisories.mageia.org/MGASA-2026-0240.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2026-0240
Upstream
Published
2026-07-10T15:41:14Z
Modified
2026-07-10T15:45:04.007440114Z
Summary
Updated vim packages fix security vulnerabilities
Details

The updated packages fix security vulnerabilities: Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.0561. (CVE-2026-52858) Out-of-bounds Read in Terminal Screen Snapshot in Vim < 9.2.0565. (CVE-2026-52859) Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.0597. (CVE-2026-52860) Out-of-bounds Write in Spell File Word Count in Vim < 9.2.0653. (CVE-2026-55693) Out-of-bounds Write in Spell File Prefix Dump in Vim < 9.2.0662. (CVE-2026-55892) Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename affects Vim < 9.2.0663. (CVE-2026-55895) Out-of-bounds Read in Text Property Count in Vim < 9.2.0670. (CVE-2026-57451) Out-of-bounds Read with libsodium-encrypted Files in Vim < 9.2.0671. (CVE-2026-57452) PowerShell Command Injection in zip.vim via Crafted Archive Entry Names in Vim > 9.1.1783 && Vim < 9.2.0678. (CVE-2026-57453) Out-of-bounds Read with Text Properties in Vim >= 9.2.0320 && Vim < 9.2.0679. (CVE-2026-57454) Out-of-bounds Write in SOFO Soundfolding in Vim < 9.2.0698. (CVE-2026-57455) Arbitrary Code Execution via Python Omni-Completion Docstrings in Vim < 9.2.0699. (CVE-2026-57456)

References
Credits

Affected packages

Mageia:10 / vim

Package

Name
vim
Purl
pkg:rpm/mageia/vim?arch=source&distro=mageia-10

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.2.782-1.mga10

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0240.json"

Mageia:9 / vim

Package

Name
vim
Purl
pkg:rpm/mageia/vim?arch=source&distro=mageia-9

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
9.2.782-1.mga9

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2026-0240.json"