Vim Heap-Buffer Overflow Vulnerability in Visual Mode

A heap-buffer overflow vulnerability has been identified in Vim versions prior to 9.1.1003. The issue arises when visual mode is active and the ':all' command is executed, causing Vim to improperly manage the visual selection. This mismanagement can lead to accessing memory beyond the intended buffer line, creating a heap-buffer overflow. The vulnerability requires user interaction, as visual mode must be enabled when the ':all' command is used.

Impact

Exploitation of this vulnerability causes a heap-buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

To reproduce this vulnerability, first ensure that Vim is running a version prior to 9.1.1003. Activate visual mode and then execute the ':all' command. Afterward, attempt to paste content from the clipboard while the visual selection is still active. This sequence will trigger the heap-buffer overflow by causing Vim to access memory beyond the end of a line in the buffer.

Remediation

Users can upgrade to Vim version 9.1.1003 or later, where this vulnerability has been fixed.