Vim Segmentation Fault Vulnerability in Silent Ex Mode

Vulnerability

A segmentation fault vulnerability has been identified in Vim versions prior to 9.1.1043. In silent Ex mode, Vim operates without displaying a screen, but it is still possible to trigger the scrolling function of a GUI version by sending binary characters. This can cause a segmentation fault by accessing the ScreenLines pointer, which has not been allocated in silent mode. The vulnerability requires the user to intentionally feed binary data to Vim in Ex mode.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a denial-of-service condition by crashing the Vim process.

Reproduction

The vulnerability can be reproduced by running Vim in silent Ex mode with the command 'vim -s -e'. While in this mode, send binary data that includes characters triggering the scrolling function. This will cause Vim to attempt a screen redraw, accessing the uninitialized ScreenLines pointer, which results in a segmentation fault.

Remediation

Users can upgrade to Vim version 9.1.1043 or later, where this vulnerability has been fixed.
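
To confirm that a host already carries the fix, the check below parses `vim --version` output and tests whether patch 1043 of Vim 9.1 is in the "Included patches" list, including the case where a distribution lists individual patches rather than one range. This is an added example, not part of the original advisory; the function name vim_patch_status and the sample outputs are constructed for illustration, and the patch list is assumed to sit on one line.

```shell
#!/bin/sh
# Added example: check whether a Vim build includes patch 9.1.1043.
# Reads `vim --version` text on stdin; prints fixed / vulnerable / unknown
# and returns 0 only for "fixed". Assumes the patch list is on one line.
FIX_MAJOR=9; FIX_MINOR=1; FIX_PATCH=1043   # fixed version from the advisory

vim_patch_status() {
    awk -v M="$FIX_MAJOR" -v m="$FIX_MINOR" -v p="$FIX_PATCH" '
        /^VIM - Vi IMproved [0-9]+\.[0-9]+/ {
            split($5, v, ".")               # $5 is the "9.1" field
            major = v[1] + 0; minor = v[2] + 0; seen = 1
        }
        /^Included patches:/ {
            sub(/^Included patches: */, "")
            n = split($0, parts, /, */)     # e.g. "1-16, 647, 1043"
            for (i = 1; i <= n; i++) {
                k = split(parts[i], r, "-")
                lo = r[1] + 0; hi = (k > 1 ? r[2] : r[1]) + 0
                if (p + 0 >= lo && p + 0 <= hi) has = 1
            }
        }
        END {
            if (!seen) { print "unknown"; exit 2 }
            newer = (major > M + 0) || (major == M + 0 && minor > m + 0)
            same  = (major == M + 0 && minor == m + 0)
            if (newer || (same && has)) { print "fixed"; exit 0 }
            print "vulnerable"; exit 1
        }'
}

# Constructed sample outputs (not captured from real systems).
SAMPLE_OLD='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Jan 01 2025 00:00:00)
Included patches: 1-1016'
SAMPLE_FIXED='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Feb 01 2025 00:00:00)
Included patches: 1-1043'
SAMPLE_BACKPORT='VIM - Vi IMproved 9.1 (2024 Jan 02, compiled Feb 01 2025 00:00:00)
Included patches: 1-16, 647, 1043'

for s in "$SAMPLE_OLD" "$SAMPLE_FIXED" "$SAMPLE_BACKPORT"; do
    printf '%s\n' "$s" | vim_patch_status || true
done
# Real use: vim --version | vim_patch_status
```

A build whose vendor applied the fix without listing patch 1043 will still report "vulnerable" here, so treat that result as a prompt to check the vendor's own advisory.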

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 5.4
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.