{"id":"MGASA-2026-0167","summary":"Updated vim packages fix security vulnerabilities","details":"Heap Buffer Overflow in spell file loading affects Vim \u003c 9.2.0450.\n(CVE-2026-45130)\nVimscript Code Injection in netrw NetrwMarkFile() via crafted filename\naffects Vim \u003c 9.2.0480. (CVE-2026-43961)\nCommand Injection in tar.vim affects Vim \u003c 9.2.0479. (CVE-2026-46483)\nVimscript Code Injection in netrw NetrwBookHistSave() via crafted\ndirectory name affects Vim \u003c 9.2.0495.\nVimscript Code Injection in cucumber filetype plugin via crafted\nstep-definition regex affects Vim \u003c 9.2.0496.\n","modified":"2026-05-30T05:33:08.680625791Z","published":"2026-05-30T05:07:56Z","upstream":["CVE-2026-43961","CVE-2026-45130","CVE-2026-46483"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2026-0167.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=35490"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/05/07/9"},{"type":"ADVISORY","url":"https://github.com/vim/vim/security/advisories/GHSA-q4jv-r9gj-6cwv"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/05/14/6"},{"type":"ADVISORY","url":"https://github.com/vim/vim/security/advisories/GHSA-2fpv-9ff7-xg5w"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/05/14/7"},{"type":"ADVISORY","url":"https://github.com/vim/vim/security/advisories/GHSA-66hr-7p6x-x5j3"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/05/17/3"},{"type":"ADVISORY","url":"https://github.com/vim/vim/security/advisories/GHSA-crm5-rh6j-2c7c"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2026/05/17/4"},{"type":"ADVISORY","url":"https://github.com/vim/vim/security/advisories/GHSA-4473-94jm-w5x9"}],"affected":[{"package":{"name":"vim","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/vim?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"9.2.498-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2026-0167.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}