vim
cpe:2.3:a:vim:vim:*:*:*:*:*:*:*
- 9.1.0000
A memory corruption vulnerability has been identified in Vim version 9.1.0000, specifically within the XXD utility when the autoskip mode is enabled. The issue arises in the function '__memmove_avx_unaligned_erms' located in 'memmove-vec-unaligned-erms.S'. This vulnerability leads to segmentation faults due to improper memory management during the detection and replacement of null lines, allowing for out-of-bounds memory access. The vulnerability requires local exploitation and has a public proof-of-concept available, although some users have reported difficulty reproducing the issue, particularly when terminal coloring is enabled.
Exploitation of this vulnerability causes a segmentation fault, indicating a crash due to invalid memory access, which can be a precursor to more severe consequences such as arbitrary code execution in certain contexts.
The vulnerability can be reproduced by compiling Vim's XXD utility with debugging symbols enabled, and then running it with the autoskip flag on input files that contain specific byte patterns triggering the null-line detection algorithm. This will result in a segmentation fault as the program mishandles memory during the output processing.
Users are advised to avoid using the XXD autoskip feature until this vulnerability has been addressed. Once a patch is available, it is recommended to update to the latest version of Vim.
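To act on the advice above, the following audit locates scripts that invoke xxd with autoskip. It is an added example, not code from Vim or from this advisory; the sample script, file names and helper names are constructed for illustration, and only the `-a` and `-autoskip` spellings from the xxd man page are matched.

```python
import os
import re
import shlex

AUTOSKIP_FLAGS = {"-a", "-autoskip"}          # spellings from the xxd man page
WRAPPERS = {"sudo", "env", "exec", "command"}  # prefixes skipped before the command
# Break a line into simple commands at |, ||, &&, ;, backticks and $( .
# Quoting is ignored at this stage, so quoted separators may over-split.
SEGMENT_SPLIT = re.compile(r"\|\||&&|[|;`]|\$\(")

# Constructed sample input (hypothetical file names).
SAMPLE_SCRIPT = """#!/bin/sh
ls -a /tmp | xxd > listing.hex
xxd -a firmware.bin > firmware.hex
cat "$1" | /usr/bin/xxd -autoskip -c 16
dump=$(xxd -a "$img")
# xxd -a old.bin
xxd -c 8 notes.txt
"""


def xxd_autoskip_segments(line):
    """Return the simple commands on one line that run xxd with autoskip."""
    hits = []
    for segment in SEGMENT_SPLIT.split(line):
        try:
            tokens = shlex.split(segment, comments=True)
        except ValueError:  # unbalanced quote left behind by the split
            tokens = segment.split()
        # Drop VAR=value assignments and wrapper commands in front of the command.
        while tokens and (re.match(r"\w+=", tokens[0]) or tokens[0] in WRAPPERS):
            tokens.pop(0)
        if tokens and os.path.basename(tokens[0]) == "xxd" \
                and AUTOSKIP_FLAGS.intersection(tokens[1:]):
            hits.append(segment.strip())
    return hits


def audit_script(text):
    """Return (line number, command) for every autoskip use in a script."""
    return [(n, seg) for n, line in enumerate(text.splitlines(), 1)
            for seg in xxd_autoskip_segments(line)]


if __name__ == "__main__":
    for lineno, command in audit_script(SAMPLE_SCRIPT):
        print(f"line {lineno}: {command}")
```

A `-a` that belongs to another command in the same pipeline (such as `ls -a | xxd`) is not reported, and commented-out invocations are ignored.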