FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vim -- arbitrary command execution

Affected packages
vim < 8.0.0056
vim-console < 8.0.0056
vim-lite < 8.0.0056
neovim < 0.1.7

Details

VuXML ID c11629d3-c8ad-11e6-ae1b-002590263bf5
Discovery 2016-11-22
Entry 2016-12-23

Mitre reports:

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

References

Bugtraq ID 94478
CVE Name CVE-2016-1248
URL https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
URL https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a