Updated vim packages fix security vulnerabilities
Publication date: 30 May 2026
Modification date: 30 May 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-45130, CVE-2026-43961, CVE-2026-46483
Description
Heap Buffer Overflow in spell file loading affects Vim < 9.2.0450.
(CVE-2026-45130)
Vimscript Code Injection in netrw NetrwMarkFile() via crafted filename
affects Vim < 9.2.0480. (CVE-2026-43961)
Command Injection in tar.vim affects Vim < 9.2.0479. (CVE-2026-46483)
Vimscript Code Injection in netrw NetrwBookHistSave() via crafted
directory name affects Vim < 9.2.0495.
Vimscript Code Injection in cucumber filetype plugin via crafted
step-definition regex affects Vim < 9.2.0496.
References
- https://bugs.mageia.org/show_bug.cgi?id=35490
- https://www.openwall.com/lists/oss-security/2026/05/07/9
- https://github.com/vim/vim/security/advisories/GHSA-q4jv-r9gj-6cwv
- https://www.openwall.com/lists/oss-security/2026/05/14/6
- https://github.com/vim/vim/security/advisories/GHSA-2fpv-9ff7-xg5w
- https://www.openwall.com/lists/oss-security/2026/05/14/7
- https://github.com/vim/vim/security/advisories/GHSA-66hr-7p6x-x5j3
- https://www.openwall.com/lists/oss-security/2026/05/17/3
- https://github.com/vim/vim/security/advisories/GHSA-crm5-rh6j-2c7c
- https://www.openwall.com/lists/oss-security/2026/05/17/4
- https://github.com/vim/vim/security/advisories/GHSA-4473-94jm-w5x9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45130
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43961
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-46483
SRPMS
9/core
- vim-9.2.498-1.mga9