CVEFinder.io

CVE-2026-45130

đŸ”ļ medium
🔍 Scan for this CVE
Summary

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline,

Description

Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.

CVSS Score
6.6
Medium
EPSS Score
0.3
Exploit Probability
Published Date
2026-05-08
First Seen: 2026-05-10
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.0% of all 329,456 vulnerabilities in our database.

#171,268
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: May 12, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2026-06-09
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CWE IDs (Weakness Types)
CWE-122 CWE-190

đŸ“Ļ Affected Products 2

Vendor Product Status Affected Versions
vim vim Affected
< 9.2.0450
neovim neovim Affected
< 0.12.2

🔗 References 4

https://github.com/vim/vim/commit/92993329178cb1f72d...
Patch
https://github.com/vim/vim/releases/tag/v9.2.0450
Product
https://github.com/vim/vim/security/advisories/GHSA-...
Exploit Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/05/14/3
Mailing List Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-47162 ⚠ī¸ high 8.8 0.3 Vim is an open source, command line text editor. Prior to version 9.2.0495, a Vimscript code injection vulnerability exi... 2026-06-11
CVE-2026-47167 đŸ”ļ medium 5.3 0.1 Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:s... 2026-06-11
CVE-2026-52858 ⚠ī¸ high 7.8 0.2 Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3... 2026-06-11
CVE-2026-52859 ⚠ī¸ high 8.2 0.3 Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/termin... 2026-06-11
CVE-2026-52860 ⚠ī¸ high 7.8 0.2 Vim is an open source, command line text editor. Prior to version 9.2.0597, Vim's Python omni-completion executes recons... 2026-06-11
CVE-2026-46483 ℹī¸ low 3.6 0.0 Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimu... 2026-05-15
These CVEs affect the same products