
Yanju Chen

Researcher from Riema Labs
#13271 of 53,632
20 Total CVSS
Vulnerabilities · 2
High
2
PT-2025-32593
10
2025-08-11
Vim · Vim · CVE-2025-55157
Name of the Vulnerable Software and Affected Versions: Vim versions 9.1.1231 through 9.1.1399
Description: Vim is a command line text editor. An error during evaluation when processing nested tuples in Vim script can trigger a use-after-free in Vim’s internal tuple reference management. The `tuple_unref()` function may access already freed memory due to improper lifetime handling, leading to memory corruption. The exploit requires direct user interaction, as the script must be explicitly executed within Vim.
Recommendations: Update to Vim version 9.1.1400 or later.
PT-2025-32594
10
2025-08-11
Vim · Vim · CVE-2025-55158
Name of the Vulnerable Software and Affected Versions: Vim versions 9.1.1231 through 9.1.1405
Description: Vim is a command line text editor. Versions from 9.1.1231 to before 9.1.1406 contain a flaw where processing nested tuples during Vim9 script import operations can trigger a double-free in Vim’s internal typed value (`typval_T`) management. Specifically, the `clear_tv()` function may attempt to free already deallocated memory due to improper lifetime handling in the `handle_import` / `ex_import` code paths. This issue is triggered when a user opens and executes a specially crafted Vim script.
Recommendations: Update to Vim version 9.1.1406 or later.