Zero Day Monitor (ZDM)
Zero Day Monitor © 2026
CVSS 6.6
CVE-2026-45130 · EXPLOITED · PATCHED
vim · vim

Vim: Heap Buffer Overflow in spell file loading

Description

Vim is an open-source, command-line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file's modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.

Affected Products

Vendor: vim · Product: vim · Versions: < 9.2.0450, < 9.2.479

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor: open source · Product: vim · Source: cert_advisory · Confidence: 90%

References

  • https://github.com/vim/vim/security/advisories/GHSA-q4jv-r9gj-6cwv (x_refsource_CONFIRM)
  • https://github.com/vim/vim/commit/92993329178cb1f72d700fff45ca86e1c2d369f8 (x_refsource_MISC)
  • https://github.com/vim/vim/releases/tag/v9.2.0450 (x_refsource_MISC)

Related News (6 articles)

Tier C · oss-security · 16d ago
[vim-security] Command Injection in tar.vim affects Vim < 9.2.479
→ No new info (linked only)

Tier C · oss-security · 16d ago
Re: [vim-security] Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450
→ No new info (linked only)

Tier B · CERT-FR · 17d ago
Multiple vulnerabilities in Microsoft products (13 May 2026)
→ No new info (linked only)

Tier B · BSI Advisories · 19d ago
[NEW] [medium] vim: Vulnerability enables denial of service
→ No new info (linked only)

Tier A · Microsoft MSRC · 20d ago
CVE-2026-45130 Vim: Heap Buffer Overflow in spell file loading
→ No new info (linked only)

Tier C · VulDB · 21d ago
CVE-2026-45130 | vim up to 9.2.0449 Spell File src/spellfile.c read_compound length heap-based overflow (GHSA-q4jv-r9gj-6cwv)
→ No new info (linked only)
CVSS 3.1: 6.6 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CISA KEV: No
Actively exploited: Yes
Patch available: 9.2.0450
CWE: CWE-122, CWE-190, CWE-78, CWE-88
Published: May 8, 2026
Last enriched: 16d ago (v3)
Tags: CVE-2026-45130, command injection, vim, unix-like systems
Trending score: 6
Source articles: 6
Independent: 5
Info completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

MEDIUM · PRE-CVE · EXP
Arbitrary Code Execution via Python Omni-Completion in Vim < 9.2.561
Trending: 39

HIGH · CVE-2026-34982
Vim modeline bypass via various options affects Vim < 9.2.0276
Trending: 31

MEDIUM · CVE-2026-33412
Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n
Trending: 23

LOW · CVE-2026-46483 · EXP
Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag
Trending: 8

CRITICAL · CVE-2026-44656 · EXP
Vim: OS Command Injection via 'path' completion
Trending: 5

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: May 8, 2026
Discovered by ZDM: May 8, 2026
Updated (severity, activelyExploited, patchAvailable): May 9, 2026
Updated (description, tags): May 14, 2026
Actively Exploited: May 14, 2026
Patch Available: May 14, 2026

Version History

v3 · Last enriched 16d ago

v3 · Tier C · 16d ago
Added detailed technical description, updated CWE list, and included new CVE ID CVE-2026-45130.
Fields: description, tags
via oss-security

v2 · Tier C · 21d ago
Updated severity to CRITICAL, marked as actively exploited, and specified patch available in version 9.2.0450.
Fields: severity, activelyExploited, patchAvailable
via VulDB

v1 · 21d ago
Initial creation