vim: Tree length values not validated properly when handling a spell file (CVE-2017-5953)
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5953
Patch:
https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
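The class of bug described above, as an added example (not Vim's code and not the code from the linked patch): a length field read from an untrusted file is multiplied by an element size, wraps in 32-bit arithmetic, and yields an undersized allocation. All function names, the 4-byte big-endian length encoding, the `remaining` bound and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: decode a 4-byte big-endian length from untrusted file bytes. */
static uint32_t read_len_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unvalidated pattern: the byte count wraps modulo 2^32 for large len. */
static uint32_t alloc_bytes_unchecked(uint32_t len)
{
    return len * (uint32_t)sizeof(int32_t);
}

/* Validated pattern: reject the length before multiplying.
 * 'remaining' is the number of bytes left in the file; this sketch assumes
 * every element takes at least one byte on disk, so len cannot exceed it.
 * Returns 0 and sets *bytes_out on success, -1 for a malformed length. */
static int alloc_bytes_checked(uint32_t len, size_t remaining, uint32_t *bytes_out)
{
    if (len > UINT32_MAX / sizeof(int32_t))
        return -1;                      /* multiplication would overflow */
    if (len > remaining)
        return -1;                      /* file cannot hold that many elements */
    *bytes_out = len * (uint32_t)sizeof(int32_t);
    return 0;
}

int main(void)
{
    /* Constructed sample: length field 0x40000001 followed by no data. */
    const unsigned char field[4] = { 0x40, 0x00, 0x00, 0x01 };
    uint32_t len = read_len_be32(field);
    uint32_t bytes = 0;

    printf("claimed elements: %u\n", (unsigned)len);
    printf("unchecked byte count: %u\n", (unsigned)alloc_bytes_unchecked(len));
    printf("checked: %s\n",
           alloc_bytes_checked(len, 0, &bytes) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the constructed field, the unchecked byte count is 4 for a claimed 0x40000001 elements, which is the size mismatch behind the resultant buffer overflow; the checked version rejects the length before any allocation.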
(from redmine: issue id 6861, created on 2017-02-15, closed on 2017-02-16)
- Relations:
- child #6862 (closed)
- child #6863 (closed)
- child #6864 (closed)
- child #6865 (closed)
- child #6866 (closed)