Select your cookie preferences

We use cookies and similar tools to enhance your experience, provide our services, deliver relevant advertising, and make improvements. Approved third parties also use these tools to help us deliver advertising and provide certain site features.

CVE-2025-24014

Public on 2025-01-20
Modified on 2025-01-22
Description

Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.

Severity
Medium
See what this means
CVSS v3 Base Score
4.2
See breakdown
Continue reading

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 2 - Core vim 2025-02-12 23:17 ALAS2-2025-2753

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
NVD CVSSv3 4.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

References

Red Hat: CVE-2025-24014 Mitre: CVE-2025-24014 FAQs regarding Amazon Linux ALAS/CVE Severity