A vulnerability has been found in Vim and gVim concerning how certain modeline options are treated.
Package | app-editors/vim on all architectures |
---|---|
Affected versions | < 8.1.1486 |
Unaffected versions | >= 8.1.1486 |
Package | app-editors/gvim on all architectures |
---|---|
Affected versions | < 8.1.1486 |
Unaffected versions | >= 8.1.1486 |
Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim.
It was found that the :source!
command was not restricted by
the sandbox mode. If modeline was explicitly enabled, opening a specially
crafted text file in vim could result in arbitrary command execution.
A remote attacker could entice a user to open a specially crafted file using Vim or gVim, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All Vim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-8.1.1486"
All gVim users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-8.1.1486"
Release date
March 12, 2020
Latest revision
March 12, 2020: 1
Severity
normal
Exploitable
local, remote
Bugzilla entries