CVE-2025-9390
Vulnerability
vim: vim xxd xxd.c main buffer overflow
ecosystem: redhat:6, redhat:7, redhat:8, redhat:9

A vulnerability was found in the xxd component of Vim in the main function of src/xxd/xxd.c. This flaw allows a local attacker to trigger a buffer overflow, which leads to a denial of service.
References
- secalert@redhat.com: https://access.redhat.com/security/cve/CVE-2025-9390
- secalert@redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2390603
- secalert@redhat.com: https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing
- secalert@redhat.com: https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0
- secalert@redhat.com: https://github.com/vim/vim/issues/17944
- secalert@redhat.com: https://github.com/vim/vim/pull/17947
- secalert@redhat.com: https://github.com/vim/vim/releases/tag/v9.1.1616
- secalert@redhat.com: https://nvd.nist.gov/vuln/detail/CVE-2025-9390
- secalert@redhat.com: https://vuldb.com/?ctiid.321223
- secalert@redhat.com: https://vuldb.com/?id.321223
- secalert@redhat.com: https://vuldb.com/?submit.630903
- secalert@redhat.com: https://www.cve.org/CVERecord?id=CVE-2025-9390
type: vendor
source: secalert@redhat.com
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Metric | Value
---|---
AV | Local
AC | Low
PR | Low
UI | None
S | Not Changed
C | None
I | Low
A | Low
source: secalert@redhat.com
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
source: secalert@redhat.com
published: 2025-08-24 14:02:09
modified: 2025-08-31 06:22:55
Detection
OR
vim
package type: source
tag: rhel-6-els:4308e15c-2db2-f412-2d39-f642ed6f52e8
OR
vim
package type: source
tag: rhel-7-extras-including-unpatched:43106750-13b2-f412-2d39-f6453fc71339
OR
vim
package type: source
tag: rhel-8-including-unpatched:4352e74a-89b2-f412-2d39-f659a5bb2ad2
OR
vim
package type: source
tag: rhel-9-including-unpatched:435a920a-57b2-f412-2d39-f65c0742514b
Data Sources
- RedHat Enterprise Linux CSAF VEX
redhat-vex