CVE-2025-55158
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-08-12
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vim | vim | From 9.1.1231 (inc) to 9.1.1406 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in Vim versions from 9.1.1231 to before 9.1.1406 when processing nested tuples during Vim9 script import operations. An error during evaluation can cause a double-free in Vim's internal typed value management, specifically in the clear_tv() function, which may attempt to free memory that has already been deallocated. This happens due to improper lifetime handling in the handle_import / ex_import code paths. The vulnerability can only be triggered if a user explicitly opens and executes a specially crafted Vim script. It has been fixed in version 9.1.1406.
How can this vulnerability impact me? :
The vulnerability can lead to a double-free memory error, which may cause Vim to crash or behave unpredictably when processing maliciously crafted Vim scripts. This could potentially be exploited to cause denial of service or other unintended behavior when a user opens and executes such scripts.
What immediate steps should I take to mitigate this vulnerability?
Update Vim to version 9.1.1406 or later, as this version contains the patch that fixes the double-free vulnerability. Avoid opening or executing untrusted or specially crafted Vim scripts that could trigger the issue until the update is applied.