QID 356776

Date Published: 2023-12-06

QID 356776: Amazon Linux Security Advisory for vim : ALAS2-2023-2353

vim is an open source command line text editor.
When closing a window, vim may try to access an already freed window structure.
Exploitation beyond crashing the application has not been shown to be viable.
This issue has been addressed in commit `25aabc2b`, which is included in release version 9.0.2106.
Users are advised to upgrade.
There are no known workarounds for this vulnerability. (CVE-2023-48231)

vim is an open source command line text editor.
A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo settings include the n flag.
This may happen when a window border is present and the wrapped line continues on the next physical line directly in the window border, which the n flag in the cpo setting allows.
Only users with non-default settings are affected, and the exception should only result in a crash.
This issue has been addressed in commit `cb0b99f0`, which is included in release version 9.0.2107. (CVE-2023-48232)

vim is an open source command line text editor.
The count given after the :s command could overflow a (signed) long variable; the fix aborts with e_value_too_large when the value does not fit.
Impact is low: user interaction is required, and a crash may not even happen in all situations.
This issue has been addressed in commit `ac6378773`, which is included in release version 9.0.2108. (CVE-2023-48233)

vim is an open source command line text editor.
When getting the count for a normal mode z command, the value may overflow for large counts.
This issue has been addressed in commit `58f9befca1`, which is included in release version 9.0.2109.

Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. For the four issues listed here, the demonstrated impact is a crash of the editor (denial of service); none has been shown to be exploitable beyond that.

  • CVSS v3 rated as Medium - 4.3 severity.
  • CVSS v2 rated as Medium - 5.4 severity.
  • Solution
    Please refer to Amazon advisory ALAS2-2023-2353 for affected packages and patching details, or update with your package manager.
    Vendor References
    Software Advisories
    Advisory ID | Software Component | Link
    ALAS2-2023-2353 | amazon linux 2 | alas.aws.amazon.com/AL2/ALAS-2023-2353.html
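The entry above says to upgrade but gives no way to tell whether a given vim build already carries the fixes. The POSIX shell helper below is an added example, not code from Qualys, Amazon or the vim project: it compares a version string against 9.0.2109, the highest of the four upstream fix releases named in the descriptions, and, where rpm is present, applies the same check to the installed package. The package name vim-common and the VERSION-RELEASE layout are assumptions about Amazon Linux 2 packaging, not facts stated by this page; the version strings in the demo loop are constructed.

```shell
#!/bin/sh
# Added example (not part of the Qualys entry or Amazon's advisory text).
# Compare a vim version against the highest upstream fix release listed in
# the advisory and show the package-manager steps for Amazon Linux 2.

FIXED_UPSTREAM="9.0.2109"

# vim_fixed VERSION: return 0 when VERSION is >= FIXED_UPSTREAM, 1 otherwise.
# VERSION may be plain ("9.0.2106") or an RPM VERSION-RELEASE string such as
# "9.0.2120-1.amzn2" (assumed layout); the RELEASE part after "-" is ignored
# and each dot-separated field is compared numerically, left to right.
vim_fixed() {
  ver=${1%%-*}
  awk -v have="$ver" -v need="$FIXED_UPSTREAM" 'BEGIN {
    n = split(have, h, ".")
    m = split(need, w, ".")
    max = (n > m) ? n : m
    for (i = 1; i <= max; i++) {
      a = (i in h) ? h[i] + 0 : 0   # missing trailing fields count as 0
      b = (i in w) ? w[i] + 0 : 0
      if (a < b) exit 1
      if (a > b) exit 0
    }
    exit 0                          # all fields equal: fixed release itself
  }'
}

# Demo on constructed version strings (not real host data).
for v in 9.0.2106 9.0.2109 "9.0.2120-1.amzn2"; do
  if vim_fixed "$v"; then
    echo "$v: at or after upstream fix $FIXED_UPSTREAM"
  else
    echo "$v: below upstream fix $FIXED_UPSTREAM, update needed"
  fi
done

# Live check on an Amazon Linux 2 host; silently skipped where rpm is absent
# or the package is not installed. Package name vim-common is an assumption.
if command -v rpm >/dev/null 2>&1; then
  if installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' vim-common 2>/dev/null); then
    if vim_fixed "$installed"; then
      echo "vim-common $installed: at or after upstream fix"
    else
      echo "vim-common $installed: run 'yum update vim' (see ALAS2-2023-2353)"
    fi
  fi
fi
```

The upstream version compare is a first-pass triage, not the authoritative answer: a distribution may backport the four commits into a package whose version string stays below 9.0.2109, which this helper would flag as unfixed. On the host itself, prefer the package version listed in ALAS2-2023-2353 or yum's own advisory metadata (for example `yum updateinfo list --cve CVE-2023-48231`) before deciding a system is exposed.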