CVE Catalog

CVE-2026-45130

MediumCVSS 6.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.00%

0th percentile - higher than 0% of all known CVEs

Summary

In the Vim text editor prior to version 9.2.0450, a heap buffer overflow exists in read_compound() when loading a crafted spell file (.spl) with UTF-8 encoding active. A malicious file can exploit an attacker-controlled length field, leading to buffer overflow.

Risk Assessment

An attacker could exploit this vulnerability to execute malicious code, posing a serious security threat to the system, especially if a malicious .spl file is placed on the runtime path.

Recommendation

It is recommended to upgrade to version 9.2.0450 or later to mitigate this vulnerability. Additionally, avoid loading .spl files from untrusted sources.

Original NVD description (English source)

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS