2302419 – (CVE-2024-41965) CVE-2024-41965 vim: Double-Free Vulnerability in Vim Could Cause Application Crashes

Bug 2302419 (CVE-2024-41965) - CVE-2024-41965 vim: Double-Free Vulnerability in Vim Could Cause Application Crashes

Summary: CVE-2024-41965 vim: Double-Free Vulnerability in Vim Could Cause Application ...

Keywords:
Status:	NEW
Alias:	CVE-2024-41965
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2302485 2302486 2302500 2302501
Blocks:
TreeView+	depends on / blocked

Reported:	2024-08-01 22:21 UTC by OSIDB Bzimport
Modified:	2024-10-11 16:17 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-08-01 22:21:38 UTC

Vim is an open source command line text editor. double-free in dialog_changed() in Vim < v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a name yet. However, when setting the buffer name to Unnamed, Vim will falsely free a pointer twice, leading to a double-free and possibly later to a heap-use-after-free, which can lead to a crash. The issue has been fixed as of Vim patch v9.1.0648.

Note You need to log in before you can comment on or make changes to this bug.