{"schema_version":"1.7.2","id":"OESA-2026-2449","modified":"2026-05-22T13:22:41Z","published":"2026-05-22T13:22:41Z","upstream":["CVE-2026-42307","CVE-2026-44656","CVE-2026-45130"],"summary":"vim security update","details":"Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.\r\n\r\nSecurity Fix(es):\n\nVim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary shell commands with the privileges of the Vim process. This issue has been patched in version 9.2.0383.(CVE-2026-42307)\n\nVim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick-enclosed shell commands, those commands are executed during file name completion. Because the path option lacks the P_SECURE flag, it can be set from a modeline, allowing an attacker who controls the contents of a file to execute arbitrary shell commands when the user opens that file in Vim and triggers :find completion. This issue has been patched in version 9.2.0435.(CVE-2026-44656)\n\nVim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.(CVE-2026-45130)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS-SP3","name":"vim","purl":"pkg:rpm/openEuler/vim&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.0.2092-33.oe2403sp3"}]}],"ecosystem_specific":{"aarch64":["vim-X11-9.0.2092-33.oe2403sp3.aarch64.rpm","vim-common-9.0.2092-33.oe2403sp3.aarch64.rpm","vim-debuginfo-9.0.2092-33.oe2403sp3.aarch64.rpm","vim-debugsource-9.0.2092-33.oe2403sp3.aarch64.rpm","vim-enhanced-9.0.2092-33.oe2403sp3.aarch64.rpm","vim-minimal-9.0.2092-33.oe2403sp3.aarch64.rpm"],"noarch":["vim-filesystem-9.0.2092-33.oe2403sp3.noarch.rpm"],"src":["vim-9.0.2092-33.oe2403sp3.src.rpm"],"x86_64":["vim-X11-9.0.2092-33.oe2403sp3.x86_64.rpm","vim-common-9.0.2092-33.oe2403sp3.x86_64.rpm","vim-debuginfo-9.0.2092-33.oe2403sp3.x86_64.rpm","vim-debugsource-9.0.2092-33.oe2403sp3.x86_64.rpm","vim-enhanced-9.0.2092-33.oe2403sp3.x86_64.rpm","vim-minimal-9.0.2092-33.oe2403sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2449"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42307"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44656"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-45130"}],"database_specific":{"severity":"Medium"}}
