How severe is CVE-2024-45306?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-45306?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2024-45306 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. Back then we assumed this loop is unnecessary. However, this change made it possible that the cursor position stays invalid and points beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position. It's not quite clear yet, what can lead to this situation that the cursor points to an invalid position. That's why patch v9.1.0707 does not include a test case. The only observed impact has been a program crash. This issue has been addressed in with the patch v9.1.0707. All users are advised to upgrade.

Related Vulnerabilities

CVE-2019-14814

MEDIUM

CVSS:5.5(Medium)

There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system cra...

CWE-1222019

CVE-2019-14816

MEDIUM

CVSS:5.5(Medium)

There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or...

CWE-1222019

CVE-2020-25665

MEDIUM

CVSS:5.5(Medium)

The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in...

CWE-1222020

CVE-2020-25667

MEDIUM

CVSS:5.5(Medium)

TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a craf...

CWE-1222020

CVE-2020-25674

MEDIUM

CVSS:5.5(Medium)

WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible fo...

CWE-1222020

CVE-2020-27829

MEDIUM

CVSS:5.5(Medium)

A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.

CWE-1222020