CVE-2026-45130
MediumCVSS 6.6Exploitation Probability (EPSS)
Low risk0th percentile - higher than 0% of all known CVEs
Summary
In the Vim text editor prior to version 9.2.0450, a heap buffer overflow exists in read_compound() when loading a crafted spell file (.spl) with UTF-8 encoding active. A malicious file can exploit an attacker-controlled length field, leading to buffer overflow.
Risk Assessment
An attacker could exploit this vulnerability to execute malicious code, posing a serious security threat to the system, especially if a malicious .spl file is placed on the runtime path.
Recommendation
It is recommended to upgrade to version 9.2.0450 or later to mitigate this vulnerability. Additionally, avoid loading .spl files from untrusted sources.
Original NVD description (English source)
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.

