gvim - Arch Linux
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-976 | 8.1.1186-1 | 8.1.1467-1 | High | Fixed | |
| AVG-635 | 8.0.1530-1 | 8.0.1531-1 | Medium | Fixed | |
| AVG-347 | 8.0.0628-1 | 8.0.0722-1 | High | Fixed | FS#54773 |
| AVG-174 | 8.0.0321-1 | 8.0.0322-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2019-12735 | AVG-976 | High | Yes | Arbitrary code execution | getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as... |
| CVE-2017-1000382 | AVG-635 | Medium | No | Information disclosure | VIM ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not... |
| CVE-2017-11109 | AVG-347 | High | No | Arbitrary code execution | Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. |
| CVE-2017-5953 | AVG-174 | Medium | No | Arbitrary code execution | It was found that vim does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 11 Jun 2019 | ASA-201906-9 | AVG-976 | High | arbitrary code execution |
| 18 Jul 2017 | ASA-201707-19 | AVG-347 | High | arbitrary code execution |
| 15 Feb 2017 | ASA-201702-12 | AVG-174 | Medium | arbitrary code execution |