PT-2024-5765 · Vim+6

Suyueguo · Published 2024-08-01 · Updated 2026-03-29 · CVE-2024-41957

CVSS v3.1: 5.3 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Vim versions prior to 9.1.0647

Description

The issue exists due to a double-free error in the src/alloc.c file, specifically in the tagstack_clear_entry() function. When a window is closed, the corresponding tagstack data is cleared and freed. However, if the quickfix list belonging to that window points to the same tagstack data, Vim will attempt to free it again, resulting in a double-free/use-after-free access exception. The impact is low, as the user must intentionally execute Vim with several non-default flags, but it may cause a crash of Vim.

Recommendations

To resolve the issue, update to Vim version 9.1.0647 or later. As a temporary workaround, consider avoiding the use of non-default flags when executing Vim until a patch is applied.

Exploit

Fix

Weakness Enumeration

Use After Free
Double Free

Related Identifiers

ALT-PU-2024-17009
ALT-PU-2024-17133
ALT-PU-2024-17154
ALT-PU-2024-17456
AZL-47340
AZL-47388
BDU:2024-06478
CVE-2024-41957
ECHO-7439-9991-63CF
GHSA-F9CR-GV85-HCR4
MGASA-2024-0285
OESA-2024-1982
ROSA-SA-2025-2590
USN-6993-1

Affected Products

ALT Linux
Debian
Linux Mint
Apple macOS
RED OS
Ubuntu
Vim