<?xml version="1.0" encoding="utf-8"?>
  <?xml-stylesheet type="text/xsl" href="sa-render.xsl"?>
  <update from="huaweicloud.com" type="security" status="stable" version="1">
    <id>HCE1-SA-2023-0072</id>
    <title>An update for vim is now available for HCE 1.1</title>
    <severity>Critical</severity>
    <release>HCE 1.1</release>
    <issued date="2023-01-05 02:56:01"/>
    <updated date="2023-01-05 02:56:01"/>
    <references>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-1629" id="CVE-2022-1629" title="CVE-2022-1629 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3872" id="CVE-2021-3872" title="CVE-2021-3872 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4193" id="CVE-2021-4193" title="CVE-2021-4193 Base Score: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4069" id="CVE-2021-4069" title="CVE-2021-4069 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2017-5953" id="CVE-2017-5953" title="CVE-2017-5953 Base Score: 9.8 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2017-6350" id="CVE-2017-6350" title="CVE-2017-6350 Base Score: 9.8 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2125" id="CVE-2022-2125" title="CVE-2022-2125 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-0351" id="CVE-2022-0351" title="CVE-2022-0351 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2126" id="CVE-2022-2126" title="CVE-2022-2126 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2017-17087" id="CVE-2017-17087" title="CVE-2017-17087 Base Score: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2183" id="CVE-2022-2183" title="CVE-2022-2183 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-3974" id="CVE-2021-3974" title="CVE-2021-3974 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" type="cve"/>
    </references>
    <description>Security Fix(es):

Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, modifying memory, and possibly allowing remote execution (CVE-2022-1629)

vim is vulnerable to Heap-based Buffer Overflow (CVE-2021-3872)

vim is vulnerable to Out-of-bounds Read (CVE-2021-4193)

vim is vulnerable to Use After Free (CVE-2021-4069)

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow. (CVE-2017-5953)

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows. (CVE-2017-6350)

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. (CVE-2022-2125)

Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. (CVE-2022-0351)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2126)

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382. (CVE-2017-17087)

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. (CVE-2022-2183)

vim is vulnerable to Use After Free (CVE-2021-3974)
</description>
    <pkglist>
      <collection short="HCE 1.1" package="vim">
        <name>HCE 1.1</name>
        <package arch="x86_64" name="vim-common" version="7.4.629" release="12.hce1c">
          <filename>vim-common-7.4.629-12.hce1c.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="vim-enhanced" version="7.4.629" release="12.hce1c">
          <filename>vim-enhanced-7.4.629-12.hce1c.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="vim-filesystem" version="7.4.629" release="12.hce1c">
          <filename>vim-filesystem-7.4.629-12.hce1c.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="vim-minimal" version="7.4.629" release="12.hce1c">
          <filename>vim-minimal-7.4.629-12.hce1c.x86_64.rpm</filename>
        </package>
      </collection>
    </pkglist>
  </update>
