CVE-2016-1248
Publication date 23 November 2016
Last updated 24 July 2024
Ubuntu priority
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.
From the Ubuntu Security Team
Florian Larysch discovered that the Vim text editor did not properly validate values for the 'filetype', 'syntax', and 'keymap' options. An attacker could trick a user into opening a file with specially crafted modelines and possibly execute arbitrary code with the user's privileges.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| neovim | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| vim | ||
| 16.04 LTS xenial |
Fixed 2:7.4.1689-3ubuntu1.2
|
|
| 14.04 LTS trusty |
Fixed 2:7.4.052-1ubuntu3.1
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.8 · High
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-3139-1
- Vim vulnerability
- 29 November 2016
Other references
- http://openwall.com/lists/oss-security/2016/11/22/20
- https://anonscm.debian.org/cgit/pkg-vim/vim.git/tree/debian/changelog
- https://github.com/vim/vim/releases/tag/v8.0.0056
- https://lists.debian.org/debian-lts-announce/2016/11/msg00025.html
- https://lists.debian.org/debian-security-announce/2016/msg00305.html
- https://www.cve.org/CVERecord?id=CVE-2016-1248