Jan Minar's test suite  for multiple vim vulnerabilities uncovered an old vim
bug that could trigger a heap buffer overflow in mch_expand_wildcards() in
os_unix.c when file or directory with specially crafted name is opened in vim.
Issue is caused by incorrect computation of memory requirements for buffer to
store external command executed by vim. File / directory name is escaped /
quoted before being passed to an external command, however, possible quoting is
not taken into account when allocating memory.
Issue was introduced in 6.2.429:
and fixed upstream in 6.3.059:
and later re-written for vim 7.0 to use backslash escaping instead of quoting:
For further details, see:
This issue only affects vim packages as shipped in Red Hat Enterprise Linux 3
and 4, which are based on vim 6.3.046.
This issue was addressed in:
Red Hat Enterprise Linux: