PT-2024-5608 · Vim+4
Suyueguo · Published 2024-08-01 · Updated 2025-07-06
CVE-2024-41965
CVSS v3.1: 4.2 (Medium)
Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Vim versions prior to 9.1.0648
Description
The issue arises from a double-free error in the dialog_changed() function when abandoning a buffer. If a user chooses to save a modified buffer without a name, Vim may create a new Untitled file. However, when setting the buffer name to Unnamed, Vim falsely frees a pointer twice, leading to a double-free and possibly a heap-use-after-free, which can cause a crash.
Recommendations
For versions prior to 9.1.0648, update to Vim patch v9.1.0648 or later to resolve the issue.
Exploit
Fix
Use After Free
Double Free
Related Identifiers
Affected Products
Alt Linux
Debian
Red Os
Suse
Vim