CVE-2025-26603

Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.1.1115

Description: The issue arises when redirecting the output of the :display command to a register that is being displayed, leading to a use-after-free. This occurs because Vim frees the register content before storing the new content in the register. The check in the ex display() function is not complete, failing to account for the + and * registers, which typically represent the X11/clipboard registers. When a clipboard connection is not possible, these registers fall back to using register 0 instead. As a result, Vim does not check these registers, allowing the vulnerability to occur.

Recommendations: For versions prior to 9.1.1115, users are advised to upgrade to a newer version to resolve the issue. As a temporary workaround, consider avoiding the use of the :redir ex command to redirect screen messages to registers that are being displayed. Additionally, restrict access to the + and * registers when using the :display command to minimize the risk of exploitation. At the moment, there are no known workarounds for this vulnerability other than upgrading to a patched version.