FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-07 08:40:34 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2ec7816d-fdb7-11ef-91ff-b42e991fc52e	vim -- Improper Input Validation in Vim security-advisories@github.com reports: Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shellcommands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL). Discovery 2025-03-03 Entry 2025-03-10 vim < 9.1.1164 vim-gtk2 < 9.1.1164 vim-gtk3 < 9.1.1164 vim-motif < 9.1.1164 vim-tiny < 9.1.1164 vim-x11 < 9.1.1164 CVE-2025-27423 https://nvd.nist.gov/vuln/detail/CVE-2025-27423

VuXML ID

Description

2ec7816d-fdb7-11ef-91ff-b42e991fc52e

vim -- Improper Input Validation in Vim

security-advisories@github.com reports:

Vim is distributed with the tar.vim plugin, that allows easy editing and viewing of (compressed or uncompressed) tar files. Starting with 9.1.0858, the tar.vim plugin uses the ":read" ex command line to append below the cursor position, however the is not sanitized and is taken literally from the tar archive. This allows to execute shellcommands via special crafted tar archives. Whether this really happens, depends on the shell being used ('shell' option, which is set using $SHELL).

Discovery 2025-03-03
Entry 2025-03-10
vim

< 9.1.1164

vim-gtk2

< 9.1.1164

vim-gtk3

< 9.1.1164

vim-motif

< 9.1.1164

vim-tiny

< 9.1.1164

vim-x11

< 9.1.1164

CVE-2025-27423
https://nvd.nist.gov/vuln/detail/CVE-2025-27423