[3.3] vim: Tree length values not validated properly when handling a spell file (CVE-2017-5953)
vim before patch 8.0.0322 does not properly validate values for tree length
when handling a spell file, which may result in an integer overflow at a
memory allocation site and a resultant buffer overflow.
Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5953
Patch:
https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
(from redmine: issue id 6865, created on 2017-02-15, closed on 2017-02-16)
- Relations:
- parent #6861 (closed)
- Changesets:
- Revision 01f0d4fd by Sergei Lukin on 2017-02-16T11:26:05Z:
main/vim: security fixes #6865
CVE-2017-5953: Tree length values not validated properly when handling a spell file
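
The bug class described in this issue, as an added C example (not vim's code and not the referenced patch): a length read from a file is multiplied by the element size, the product wraps, and the allocation ends up smaller than the element count the reader goes on to trust. The file layout (4-byte big-endian node count followed by one byte per node), the function names and the 32-bit size arithmetic are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Byte count as 32-bit size arithmetic computes it: wraps modulo 2^32. */
uint32_t unchecked_bytes32(uint32_t len)
{
    return len * (uint32_t)sizeof(int32_t);
}

/* Checked form: refuse any length whose byte count is not representable. */
int checked_bytes32(uint32_t len, uint32_t *out)
{
    if (len == 0 || len > UINT32_MAX / sizeof(int32_t))
        return -1;
    *out = len * (uint32_t)sizeof(int32_t);
    return 0;
}

/* Constructed format (assumption): 4-byte big-endian node count, then one
 * byte per node. Returns a zeroed index array, or NULL on a bad length. */
int32_t *read_tree(const unsigned char *buf, size_t buflen, uint32_t *nodes)
{
    uint32_t len, bytes;

    if (buflen < 4)
        return NULL;
    len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16)
        | ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    if (checked_bytes32(len, &bytes) != 0)
        return NULL;                 /* product would wrap */
    if (len > buflen - 4)
        return NULL;                 /* claims more nodes than bytes present */
    *nodes = len;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed input: count 0x40000001 makes the unchecked size wrap to 4. */
    const unsigned char bad[] = { 0x40, 0x00, 0x00, 0x01, 0x00 };
    uint32_t n = 0;

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_bytes32(0x40000001u));
    printf("checked reader: %s\n", read_tree(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```

The second check in `read_tree` bounds the count by the input actually present, which also rejects lengths that pass the overflow test but would still force a very large allocation.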