Source: vim
Version: 2:9.1.1385-1
Severity: grave
Tags: security upstream experimental
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for vim.

CVE-2025-55157[0]:
| Vim is an open source, command line text editor. In versions from
| 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim
| script, an error during evaluation can trigger a use-after-free in
| Vim’s internal tuple reference management. Specifically, the
| tuple_unref() function may access already freed memory due to
| improper lifetime handling, leading to memory corruption. The
| exploit requires direct user interaction, as the script must be
| explicitly executed within Vim. This issue has been patched in
| version 9.1.1400.


CVE-2025-55158[1]:
| Vim is an open source, command line text editor. In versions from
| 9.1.1231 to before 9.1.1406, when processing nested tuples during
| Vim9 script import operations, an error during evaluation can
| trigger a double-free in Vim’s internal typed value (typval_T)
| management. Specifically, the clear_tv() function may attempt to
| free memory that has already been deallocated, due to improper
| lifetime handling in the handle_import / ex_import code paths. The
| vulnerability can only be triggered if a user explicitly opens and
| executes a specially crafted Vim script. This issue has been patched
| in version 9.1.1406.

Those affect only the current version in experimental, so RC severity
to make sure they are addressed with or along with the move of vim to
unstable.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-55157
    https://www.cve.org/CVERecord?id=CVE-2025-55157
[1] https://security-tracker.debian.org/tracker/CVE-2025-55158
    https://www.cve.org/CVERecord?id=CVE-2025-55158

Regards,
Salvatore
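
As an added illustration of the bug class both CVE descriptions refer to (an error path that releases a reference-counted child value twice because ownership was never transferred), here is a minimal C model. It is not Vim's code and not a reproducer for either CVE: the structures, the instrumentation counters and the eval_nested() function are assumptions made for this example, and the names tuple_T, typval_T, tuple_unref() and clear_tv() only loosely follow the identifiers quoted above. Instead of really freeing, the model marks a tuple as released and counts any later unref on it, so the buggy path can be observed without crashing the process.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of a refcounted tuple held inside a typed value.
 * Not Vim's implementation; names only mimic the CVE text. */
typedef enum { VAR_UNKNOWN = 0, VAR_NUMBER, VAR_TUPLE } vartype_T;

typedef struct tuple_S tuple_T;
typedef struct {
    vartype_T v_type;
    union { long v_number; tuple_T *v_tuple; } vval;
} typval_T;

struct tuple_S {
    int      tv_refcount;
    int      tv_freed;      /* instrumentation: set instead of calling free() */
    int      tv_nitems;
    typval_T tv_items[4];
};

/* Instrumentation so the error path can be inspected safely. */
static int      g_use_after_free;   /* unref() calls on an already released tuple */
static tuple_T *g_all[16];          /* every tuple allocated by the current case */
static int      g_nall;

static tuple_T *tuple_alloc(void)
{
    tuple_T *t = calloc(1, sizeof *t);
    if (t == NULL) abort();
    t->tv_refcount = 1;             /* caller owns the first reference */
    g_all[g_nall++] = t;
    return t;
}

static void clear_tv(typval_T *tv);

/* Drop one reference; release the tuple and its items at zero. */
static void tuple_unref(tuple_T *t)
{
    if (t == NULL) return;
    if (t->tv_freed) { g_use_after_free++; return; }  /* real code: UAF/double free */
    if (--t->tv_refcount > 0) return;
    for (int i = 0; i < t->tv_nitems; i++)
        clear_tv(&t->tv_items[i]);
    t->tv_freed = 1;                /* real code: vim_free(t) */
}

/* Release whatever the typed value owns and mark it empty. */
static void clear_tv(typval_T *tv)
{
    if (tv->v_type == VAR_TUPLE)
        tuple_unref(tv->vval.v_tuple);
    tv->v_type = VAR_UNKNOWN;
}

/* Model of evaluating "(inner, <expression that errors>)": the inner tuple is
 * appended to the outer one, then evaluation of the next element fails and
 * both locals are cleaned up.  With transfer_ownership == 0 the local typval
 * still believes it owns "inner", so the error path releases it twice. */
static int eval_nested(int transfer_ownership)
{
    typval_T inner_tv, outer_tv;

    tuple_T *inner = tuple_alloc();
    inner_tv.v_type = VAR_TUPLE;
    inner_tv.vval.v_tuple = inner;

    tuple_T *outer = tuple_alloc();
    outer_tv.v_type = VAR_TUPLE;
    outer_tv.vval.v_tuple = outer;

    /* Append moves the single reference into the container. */
    outer->tv_items[outer->tv_nitems++] = inner_tv;
    if (transfer_ownership)
        inner_tv.v_type = VAR_UNKNOWN;  /* fix: the local no longer owns it */

    /* Evaluation error on the next element: unwind. */
    clear_tv(&inner_tv);                /* buggy variant: first release of inner */
    clear_tv(&outer_tv);                /* releases outer, which releases inner again */
    return g_use_after_free;
}

/* Run one variant from a clean slate; returns the number of bad unrefs seen. */
static int run_case(int transfer_ownership)
{
    for (int i = 0; i < g_nall; i++) free(g_all[i]);
    g_nall = 0;
    g_use_after_free = 0;
    return eval_nested(transfer_ownership);
}

/* Tuples from the last run_case() that were never released (leak check). */
static int leaked_tuples(void)
{
    int n = 0;
    for (int i = 0; i < g_nall; i++)
        if (!g_all[i]->tv_freed) n++;
    return n;
}

int main(void)
{
    printf("buggy path: %d bad unref(s), %d leaked\n", run_case(0), leaked_tuples());
    printf("fixed path: %d bad unref(s), %d leaked\n", run_case(1), leaked_tuples());
    return 0;
}
```

The point the model makes is the one both CVE texts state in prose: once a value has been handed to a container, the local typval must stop owning it (here by resetting v_type), otherwise any error-path cleanup that clears both the local and the container releases the same object twice.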
