vulnerability

Oracle Linux: CVE-2022-1154: ELSA-2022-1552: vim security update (MODERATE) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	Apr 6, 2022	Apr 30, 2022	Dec 3, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

Apr 6, 2022

Added

Apr 30, 2022

Modified

Dec 3, 2025

Description

Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
A heap use-after-free vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because vim is using a buffer line after it has been freed in the old regexp engine. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.

Solutions

oracle-linux-upgrade-vim-commonoracle-linux-upgrade-vim-enhancedoracle-linux-upgrade-vim-filesystemoracle-linux-upgrade-vim-minimaloracle-linux-upgrade-vim-x11

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today