| Package | vim |
|---|---|
| Version | 2:7.4.488-7+deb8u12 (jessie), 2:8.0.0197-4+deb9u12 (stretch), 2:8.1.0875-5+deb10u7 (buster) |
| Related CVEs | CVE-2023-4738 CVE-2023-5344 CVE-2024-22667 CVE-2024-43802 CVE-2024-47814 |
Multiple vulnerabilities have been fixed in the editor vim.
CVE-2023-4738
buffer-overflow in vim_regsub_both()
CVE-2023-5344
buffer-overflow in trunc_string()
CVE-2024-22667
stack-buffer-overflow in option callback functions
CVE-2024-43802
heap-buffer-overflow in ins_typebuf()
CVE-2024-47814
use-after-free when closing a buffer
For Debian 10 buster, these problems have been fixed in version 2:8.1.0875-5+deb10u7.
For Debian 8 jessie, these problems have been fixed in version 2:7.4.488-7+deb8u12.
For Debian 9 stretch, these problems have been fixed in version 2:8.0.0197-4+deb9u12.
We recommend that you upgrade your vim packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.