Releases from 0.12.1 to 0.14.3 (including) are considered vulnerable. This issue was fixed in commit 23063c7
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 25 May 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Vifm
Vifm vifm |
|
| Vendors & Products |
Vifm
Vifm vifm |
Fri, 22 May 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 22 May 2026 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the history to cause memory corruption or application crashes. Releases from 0.12.1 to 0.14.3 (including) are considered vulnerable. This issue was fixed in commit 23063c7 | |
| Title | Heap Buffer Overflow in vifm | |
| Weaknesses | CWE-122 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: CERT-PL
Published:
Updated: 2026-05-22T15:03:29.811Z
Reserved: 2026-05-19T13:33:16.963Z
Link: CVE-2026-8997
Updated: 2026-05-22T15:03:24.979Z
Status : Deferred
Published: 2026-05-22T14:16:30.197
Modified: 2026-06-17T11:04:44.317
Link: CVE-2026-8997
No data.
OpenCVE Enrichment
Updated: 2026-05-25T11:34:20Z