PT-2026-52477 · Vim · Vim

Published

2026-06-25

Updated

2026-06-25

CVE-2026-57452

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~~04! or VimCrypt~~05! method (xchacha20poly1305, requires the +sodium feature) whose body is shorter than a single libsodium secretstream header, an unsigned length calculation underflows and a subsequent decryption call reads far past the end of the input buffer, crashing Vim. This vulnerability is fixed in 9.2.0671.

Fix

Out of bounds Read

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-191

Related Identifiers

CVE-2026-57452

Affected Products

Vim

PT-2026-52477 · Vim · Vim

CVE-2026-57452

Weakness Enumeration

Related Identifiers

Affected Products

References · 4