PT-2026-42765 · Vifm · Vifm
CVSS v4.0
4.8
Medium
| Vector | AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
vifm versions 0.12.1 through 0.14.3
Description
A heap buffer overflow occurs during the history merge process when saving the state file (vifminfo.json). This is caused by a lack of runtime checks on the length of history entries in release builds, which may allow a crafted long path or command in the history to cause memory corruption or application crashes. A heap buffer overflow is a memory corruption issue that happens when a program writes more data to a heap-allocated memory block than it can hold.
Recommendations
Update to the version containing commit 23063c7.
Exploit
Fix
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vifm