{"id":"MGASA-2017-0275","summary":"Updated vim packages fix security vulnerabilities","details":"Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor,\ndoes not properly validate values for the \"filetype\", \"syntax\" and \"keymap\"\noptions, which may result in the execution of arbitrary code if a file with a\nspecially crafted modeline is opened (CVE-2016-1248).\n\nA vulnerability has been discovered in Vim where a malformed spell file could\ncause an integer overflow which is used as the size for memory allocation,\nresulting in a subsequent buffer overflow (CVE-2017-5953).\n\nAn integer overflow flaw was found in the way vim handled undo files. This bug\ncould result in vim crashing when trying to process corrupted undo files\n(CVE-2017-6349).\n\nAn integer overflow flaw was found in the way vim handled tree length values\nwhen reading an undo file. This bug could result in vim crashing when trying\nto process corrupted undo files (CVE-2017-6350).\n","modified":"2026-04-16T06:23:25.653703083Z","published":"2017-08-17T08:02:00Z","upstream":["CVE-2016-1248","CVE-2017-5953","CVE-2017-6349","CVE-2017-6350"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0275.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19829"},{"type":"WEB","url":"https://www.debian.org/security/2016/dsa-3722"},{"type":"WEB","url":"https://www.debian.org/security/2017/dsa-3786"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JYVF3KT6EAEDFGLP5STYMQ7VRJDMK66G/"}],"affected":[{"package":{"name":"vim","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/vim?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.4.430-7.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0275.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}