{"id":"CVE-2026-57454","summary":"Vim: Out-of-bounds Read with Text Properties","details":"Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose offset and length point outside the line's property data. When Vim restores or displays such a line it converts the offset into a pointer and reads the virtual text without bounds checking, causing an out-of-bounds read that can crash Vim or disclose adjacent heap memory. This vulnerability is fixed in 9.2.0679.","aliases":["GHSA-ww8h-47xp-hp4w"],"modified":"2026-07-08T08:13:52.353000237Z","published":"2026-06-25T15:24:54.196Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57454.json","cwe_ids":["CWE-125"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/vim/vim/releases/tag/v9.2.0679"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57454.json"},{"type":"ADVISORY","url":"https://github.com/vim/vim/security/advisories/GHSA-ww8h-47xp-hp4w"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57454"},{"type":"FIX","url":"https://github.com/vim/vim/commit/b3faeecc976d3031d7c0675623516ec60c30f949"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vim/vim","events":[{"introduced":"ff41e9d853ef3e366575e375d8c40cf11d5e331b"},{"fixed":"b3faeecc976d3031d7c0675623516ec60c30f949"}],"database_specific":{"extracted_events":[{"introduced":"9.2.0320"},{"fixed":"9.2.0679"}],"cpe":"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*","source":["AFFECTED_FIELD","CPE_RANGE","REFERENCES"]}}],"versions":["v9.2.0678","v9.2.0677","v9.2.0676","v9.2.0675","v9.2.0674","v9.2.0673","v9.2.0672","v9.2.0671","v9.2.0670","v9.2.0669","v9.2.0668","v9.2.0667","v9.2.0666","v9.2.0665","v9.2.0664","v9.2.0663","v9.2.0662","v9.2.0661","v9.2.0660","v9.2.0659","v9.2.0658","v9.2.0657","v9.2.0656","v9.2.0655","v9.2.0654","v9.2.0653","v9.2.0652","v9.2.0651","v9.2.0650","v9.2.0649","v9.2.0648","v9.2.0647","v9.2.0646","v9.2.0645","v9.2.0644","v9.2.0643","v9.2.0642","v9.2.0641","v9.2.0640","v9.2.0639","v9.2.0638","v9.2.0637","v9.2.0636","v9.2.0635","v9.2.0634","v9.2.0633","v9.2.0632","v9.2.0631","v9.2.0630","v9.2.0629","v9.2.0628","v9.2.0627","v9.2.0626","v9.2.0625","v9.2.0624","v9.2.0623","v9.2.0622","v9.2.0621","v9.2.0620","v9.2.0619","v9.2.0618","v9.2.0617","v9.2.0616","v9.2.0615","v9.2.0614","v9.2.0613","v9.2.0612","v9.2.0611","v9.2.0610","v9.2.0609","v9.2.0608","v9.2.0607","v9.2.0606","v9.2.0605","v9.2.0604","v9.2.0603","v9.2.0602","v9.2.0601","v9.2.0600","v9.2.0599","v9.2.0598","v9.2.0597","v9.2.0596","v9.2.0595","v9.2.0594","v9.2.0593","v9.2.0592","v9.2.0591","v9.2.0590","v9.2.0589","v9.2.0588","v9.2.0587","v9.2.0586","v9.2.0585","v9.2.0584","v9.2.0583","v9.2.0582","v9.2.0581","v9.2.0580","v9.2.0579","v9.2.0578","v9.2.0577","v9.2.0576","v9.2.0575","v9.2.0574","v9.2.0573","v9.2.0572","v9.2.0571","v9.2.0570","v9.2.0569","v9.2.0568","v9.2.0567","v9.2.0566","v9.2.0565","v9.2.0564","v9.2.0563","v9.2.0562","v9.2.0561","v9.2.0560","v9.2.0559","v9.2.0558","v9.2.0557","v9.2.0556","v9.2.0555","v9.2.0554","v9.2.0553","v9.2.0552","v9.2.0551","v9.2.0550","v9.2.0549","v9.2.0548","v9.2.0547","v9.2.0546","v9.2.0545","v9.2.0544","v9.2.0543","v9.2.0542","v9.2.0541","v9.2.0540","v9.2.0539","v9.2.0538","v9.2.0537","v9.2.0536","v9.2.0535","v9.2.0534","v9.2.0533","v9.2.0532","v9.2.0531","v9.2.0530","v9.2.0529","v9.2.0528","v9.2.0527","v9.2.0526","v9.2.0525","v9.2.0524","v9.2.0523","v9.2.0522","v9.2.0521","v9.2.0520","v9.2.0519","v9.2.0518","v9.2.0517","v9.2.0516","v9.2.0514","v9.2.0515","v9.2.0513","v9.2.0512","v9.2.0511","v9.2.0510","v9.2.0509","v9.2.0508","v9.2.0507","v9.2.0506","v9.2.0505","v9.2.0504","v9.2.0503","v9.2.0502","v9.2.0501","v9.2.0500","v9.2.0499","v9.2.0498","v9.2.0497","v9.2.0496","v9.2.0495","v9.2.0494","v9.2.0493","v9.2.0492","v9.2.0491","v9.2.0490","v9.2.0489","v9.2.0488","v9.2.0487","v9.2.0486","v9.2.0485","v9.2.0484","v9.2.0483","v9.2.0482","v9.2.0481","v9.2.0480","v9.2.0479","v9.2.0478","v9.2.0477","v9.2.0476","v9.2.0475","v9.2.0474","v9.2.0473","v9.2.0472","v9.2.0471","v9.2.0470","v9.2.0469","v9.2.0468","v9.2.0467","v9.2.0466","v9.2.0465","v9.2.0464","v9.2.0463","v9.2.0462","v9.2.0461","v9.2.0460","v9.2.0459","v9.2.0458","v9.2.0457","v9.2.0456","v9.2.0455","v9.2.0454","v9.2.0453","v9.2.0452","v9.2.0451","v9.2.0450","v9.2.0449","v9.2.0448","v9.2.0447","v9.2.0446","v9.2.0445","v9.2.0444","v9.2.0443","v9.2.0442","v9.2.0441","v9.2.0440","v9.2.0439","v9.2.0438","v9.2.0437","v9.2.0436","v9.2.0435","v9.2.0434","v9.2.0433","v9.2.0432","v9.2.0431","v9.2.0430","v9.2.0429","v9.2.0428","v9.2.0427","v9.2.0426","v9.2.0425","v9.2.0424","v9.2.0423","v9.2.0422","v9.2.0421","v9.2.0420","v9.2.0419","v9.2.0418","v9.2.0417","v9.2.0416","v9.2.0415","v9.2.0414","v9.2.0413","v9.2.0412","v9.2.0411","v9.2.0410","v9.2.0409","v9.2.0408","v9.2.0407","v9.2.0406","v9.2.0405","v9.2.0404","v9.2.0403","v9.2.0402","v9.2.0401","v9.2.0400","v9.2.0399","v9.2.0398","v9.2.0397","v9.2.0396","v9.2.0395","v9.2.0394","v9.2.0393","v9.2.0392","v9.2.0391","v9.2.0390","v9.2.0389","v9.2.0388","v9.2.0387","v9.2.0386","v9.2.0385","v9.2.0384","v9.2.0383","v9.2.0382","v9.2.0381","v9.2.0380","v9.2.0379","v9.2.0378","v9.2.0377","v9.2.0376","v9.2.0375","v9.2.0374","v9.2.0373","v9.2.0372","v9.2.0371","v9.2.0370","v9.2.0369","v9.2.0368","v9.2.0367","v9.2.0366","v9.2.0365","v9.2.0364","v9.2.0363","v9.2.0362","v9.2.0361","v9.2.0360","v9.2.0359","v9.2.0358","v9.2.0357","v9.2.0356","v9.2.0355","v9.2.0354","v9.2.0353","v9.2.0352","v9.2.0351","v9.2.0350","v9.2.0349","v9.2.0348","v9.2.0347","v9.2.0346","v9.2.0345","v9.2.0344","v9.2.0343","v9.2.0342","v9.2.0341","v9.2.0340","v9.2.0339","v9.2.0338","v9.2.0337","v9.2.0336","v9.2.0335","v9.2.0334","v9.2.0333","v9.2.0332","v9.2.0331","v9.2.0330","v9.2.0329","v9.2.0328","v9.2.0327","v9.2.0326","v9.2.0325","v9.2.0324","v9.2.0323","v9.2.0322","v9.2.0321","v9.2.0320"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57454.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N"}]}