๐Ÿ” CVE Alert

CVE-2026-59857

UNKNOWN 0.0

Vim: Out-of-bounds Write in SAL Soundfolding

CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
3th

Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word through a spell file's SAL sound-folding rules into a caller-owned result buffer, but its result writes are guarded with reslen < MAXWLEN, allowing reslen to reach MAXWLEN before res[reslen] = NUL writes one byte past the end of the MAXWLEN-element stack buffer. A boundary-length word passed to soundfold(), or reached via sound-based spell suggestion while a SAL-based spell language is active under a non-multibyte 8-bit encoding, can corrupt the eval_soundfold() stack frame and crash the editor. This issue is fixed in version 9.2.0725.

CWE CWE-787
Vendor vim
Product vim
Published Jul 9, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for vim vim

Be the first to know when new unknown vulnerabilities affecting vim vim are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

vim / vim
< 9.2.0725

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/vim/vim/security/advisories/GHSA-m3hf-xcm3-xhm2 github.com: https://github.com/vim/vim/commit/d22ff1c955ff87e8273210eae125aab0e85b6c30