Home

CVE-2016-1248

Description

vim before patch 8.0.0056 does not properly validate values for the filetype, syntax and keymap options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
15.939

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2016-1248,CVE-2017-5953 are affected in Vim 8.0.0055Windows
Vi IMproved - enhanced vi editor (USN-3139-1) vim_7.3.429-2ubuntu2.2_i386.debLinux
Vi IMproved - enhanced vi editor (USN-3139-1) vim_7.3.429-2ubuntu2.2_amd64.debLinux
Vi IMproved - enhanced vi editor (USN-3139-1) vim_7.4.052-1ubuntu3.1_i386.debLinux
Vi IMproved - enhanced vi editor (USN-3139-1) vim_7.4.052-1ubuntu3.1_amd64.debLinux
Vi IMproved - enhanced vi editor (USN-3139-1) vim_7.4.1689-3ubuntu1.2_i386.debLinux
Vi IMproved - enhanced vi editor (USN-3139-1) vim_7.4.1689-3ubuntu1.2_amd64.debLinux
Vi IMproved - enhanced vi editor (USN-3139-1) vim_7.4.1829-1ubuntu2.1_i386.debLinux
Vi IMproved - enhanced vi editor (USN-3139-1) vim_7.4.1829-1ubuntu2.1_amd64.debLinux
Vi IMproved - enhanced vi editor (USN-3139-1) vim-gui-common_7.3.429-2ubuntu2.2_all.debLinux
Vi IMproved - enhanced vi editor (USN-3139-1) vim-gui-common_7.4.1689-3ubuntu1.2_all.debLinux
Vi IMproved - enhanced vi editor (USN-3139-1) vim-gui-common_7.4.1829-1ubuntu2.1_all.debLinux
vim security update(DSA-3722-1) vim_7.4.488-7+deb8u1_kfreebsd-i386.debLinux
vim security update(DSA-3722-1) vim_7.4.488-7+deb8u1_kfreebsd-amd64.debLinux
Vim security update (CESA-2016:2972) vim-X11-7.4.629-5.el6_8.1.i686.rpmLinux
Vim security update (CESA-2016:2972) vim-X11-7.4.629-5.el6_8.1.x86_64.rpmLinux
Vim security update (CESA-2016:2972) vim-common-7.4.629-5.el6_8.1.i686.rpmLinux
Vim security update (CESA-2016:2972) vim-common-7.4.629-5.el6_8.1.x86_64.rpmLinux
Vim security update (CESA-2016:2972) vim-minimal-7.4.629-5.el6_8.1.i686.rpmLinux
Vim security update (CESA-2016:2972) vim-minimal-7.4.629-5.el6_8.1.x86_64.rpmLinux
Vim security update (CESA-2016:2972) vim-enhanced-7.4.629-5.el6_8.1.i686.rpmLinux
Vim security update (CESA-2016:2972) vim-enhanced-7.4.629-5.el6_8.1.x86_64.rpmLinux
Vim security update (CESA-2016:2972) vim-filesystem-7.4.629-5.el6_8.1.i686.rpmLinux
Vim security update (CESA-2016:2972) vim-filesystem-7.4.629-5.el6_8.1.x86_64.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-X11-7.4.160-1.el7_3.1.x86_64.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-X11-7.4.629-5.el6_8.1.i686.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-X11-7.4.629-5.el6_8.1.x86_64.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-common-7.4.160-1.el7_3.1.x86_64.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-common-7.4.629-5.el6_8.1.i686.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-common-7.4.629-5.el6_8.1.x86_64.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-enhanced-7.4.160-1.el7_3.1.x86_64.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-enhanced-7.4.629-5.el6_8.1.i686.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-enhanced-7.4.629-5.el6_8.1.x86_64.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-filesystem-7.4.160-1.el7_3.1.x86_64.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-filesystem-7.4.629-5.el6_8.1.i686.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-filesystem-7.4.629-5.el6_8.1.x86_64.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-minimal-7.4.160-1.el7_3.1.x86_64.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-minimal-7.4.629-5.el6_8.1.i686.rpmLinux
(RHSA-2016:2972) Moderate: vim security update vim-minimal-7.4.629-5.el6_8.1.x86_64.rpmLinux
SUSE-SU-2016:2942-1(SUSE Linux Enterprise Desktop 12-SP1 ) gvim-7.4.326-7.1.x86_64.rpmLinux
SUSE-SU-2016:2942-1(SUSE Linux Enterprise Desktop 12-SP1 ) gvim-debuginfo-7.4.326-7.1.x86_64.rpmLinux
SUSE-SU-2016:2942-1(SUSE Linux Enterprise Desktop 12-SP1 ) vim-data-7.4.326-7.1.noarch.rpmLinux
SUSE-SU-2016:2942-1(SUSE Linux Enterprise Desktop 12-SP1 ) vim-debuginfo-7.4.326-7.1.x86_64.rpmLinux
SUSE-SU-2016:2942-1(SUSE Linux Enterprise Desktop 12-SP1 ) vim-debugsource-7.4.326-7.1.x86_64.rpmLinux
(CESA-2016:2972) Moderate: vim security update vim-X11-7.4.629-5.el6_8.1.i686.rpmLinux
(CESA-2016:2972) Moderate: vim security update vim-X11-7.4.629-5.el6_8.1.x86_64.rpmLinux
(CESA-2016:2972) Moderate: vim security update vim-common-7.4.629-5.el6_8.1.i686.rpmLinux
(CESA-2016:2972) Moderate: vim security update vim-common-7.4.629-5.el6_8.1.x86_64.rpmLinux
(CESA-2016:2972) Moderate: vim security update vim-enhanced-7.4.629-5.el6_8.1.i686.rpmLinux
(CESA-2016:2972) Moderate: vim security update vim-enhanced-7.4.629-5.el6_8.1.x86_64.rpmLinux
(CESA-2016:2972) Moderate: vim security update vim-filesystem-7.4.629-5.el6_8.1.i686.rpmLinux
(CESA-2016:2972) Moderate: vim security update vim-filesystem-7.4.629-5.el6_8.1.x86_64.rpmLinux
(CESA-2016:2972) Moderate: vim security update vim-minimal-7.4.629-5.el6_8.1.i686.rpmLinux
(CESA-2016:2972) Moderate: vim security update vim-minimal-7.4.629-5.el6_8.1.x86_64.rpmLinux
SUSE-SU-2022:4619-1(SUSE Linux Enterprise Server 12-SP5 ) gvim-9.0.0814-17.9.1.x86_64.rpmLinux
SUSE-SU-2022:4619-1(SUSE Linux Enterprise Server 12-SP5 ) gvim-debuginfo-9.0.0814-17.9.1.x86_64.rpmLinux
SUSE-SU-2022:4619-1(SUSE Linux Enterprise Server 12-SP5 ) vim-data-9.0.0814-17.9.1.noarch.rpmLinux
SUSE-SU-2022:4619-1(SUSE Linux Enterprise Server 12-SP5 ) vim-data-common-9.0.0814-17.9.1.noarch.rpmLinux
SUSE-SU-2022:4619-1(SUSE Linux Enterprise Server 12-SP5 ) vim-debugsource-9.0.0814-17.9.1.x86_64.rpmLinux
Improper Input Validation Vulnerability (CVE-2016-1248)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234