neovim

mirror of https://github.com/neovim/neovim.git synced 2026-03-28 19:32:01 +00:00

Files

zeertzjq 7e8bdd348c vim-patch:9.2.0077: [security]: Crash when recovering a corrupted swap file (#38104 )

Problem:  memline: a crafted swap files with bogus pe_page_count/pe_bnum
          values could cause a multi-GB allocation via mf_get(), and
          invalid pe_old_lnum/pe_line_count values could cause a SEGV
          when passed to readfile() (ehdgks0627, un3xploitable)
Solution: Add bounds checks on pe_page_count and pe_bnum against
          mf_blocknr_max before descending into the block tree, and
          validate pe_old_lnum >= 1 and pe_line_count > 0 before calling
          readfile().

Github Advisory:
https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p

65c1a143c3

Co-authored-by: Christian Brabandt <cb@256bit.org>

2026-02-28 04:33:47 +00:00

box.txt

vim-patch:9.0.2134: ml_get error when scrolling (#26264 )

2023-11-29 13:24:24 +08:00

buffer-test.txt

vim-patch:9.1.2028: [security]: Buffer-overflow with incomplete multi-byte chars (#37133 )

2025-12-28 00:37:55 +00:00

evil.tar

vim-patch:9.1.1552: [security]: path traversal issue in tar.vim

2025-07-18 08:40:23 +08:00

evil.zip

vim-patch:9.1.1551: [security]: path traversal issue in zip.vim (#34951 )