Vifm Heap Buffer Overflow Vulnerability in History Merge Process

Vulnerability

A heap buffer overflow vulnerability has been identified in Vifm versions 0.12.1 through 0.14.3. The issue arises during the history merge process when saving the state file 'vifminfo.json'. The vulnerability exists because the application does not perform a runtime check on the length of history entries in release builds. This oversight could allow a crafted long path or command in the history to cause memory corruption or application crashes.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which commonly results in memory corruption and can potentially allow arbitrary code execution.

Reproduction

The vulnerability can be reproduced by creating a history entry with a deliberately long path or command that exceeds the normal length limits. When Vifm saves the state file 'vifminfo.json', it merges the history entries. Because the trie implementation lacks a proper length check, the excessive data overwrites the trie node storage and overflows the buffer. This can be verified by using Vifm's functionality to manage and save history entries, ensuring that the crafted entry is included in the merge process.
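
The root cause described above, shown as an added C example that is not Vifm's code: a length bound that exists only as a debug assertion next to the same bound enforced at runtime. It assumes the missing release-build check was a debug-only assert(); the key_store_t type, the CHUNK_SIZE value and the function names are hypothetical.

```c
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names and sizes for illustration; this is not Vifm's code. */
enum { CHUNK_SIZE = 64 };

typedef struct {
    char *data;   /* heap chunk that stores key bytes back to back */
    size_t used;  /* bytes of the chunk already handed out */
} key_store_t;

int store_init(key_store_t *s) {
    s->used = 0;
    return (s->data = malloc(CHUNK_SIZE)) != NULL ? 0 : -1;
}

/* Before: the only bound is an assert(). Built with -DNDEBUG it expands
 * to nothing, so memcpy() can write past the end of the heap chunk. */
char *store_key_assert_only(key_store_t *s, const char *key, size_t len) {
    assert(len < CHUNK_SIZE - s->used);
    char *dst = s->data + s->used;
    memcpy(dst, key, len);
    dst[len] = '\0';
    s->used += len + 1;
    return dst;
}

/* After: the same bound as a runtime check that survives NDEBUG.
 * Returns NULL and writes nothing when the entry does not fit. */
char *store_key_checked(key_store_t *s, const char *key, size_t len) {
    if (len >= CHUNK_SIZE - s->used) return NULL;  /* len bytes plus NUL */
    char *dst = s->data + s->used;
    memcpy(dst, key, len);
    dst[len] = '\0';
    s->used += len + 1;
    return dst;
}

int main(void) {
    key_store_t s;
    char long_entry[CHUNK_SIZE * 2];  /* constructed oversized history entry */
    memset(long_entry, 'a', sizeof(long_entry));
    if (store_init(&s) != 0) return 1;
    int ok = store_key_checked(&s, "/home/user", 10) != NULL &&
             store_key_checked(&s, long_entry, sizeof(long_entry)) == NULL;
    free(s.data);
    return ok ? 0 : 1;
}
```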

Remediation

Users can update to Vifm version 0.14.4 or later, where this vulnerability has been fixed.

Added: May 26, 2026, 4:06 PM
Updated: May 26, 2026, 4:06 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 4.3
remediation: 0.0
relevance: 9.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.