← volver
CVE-2026-8997

Heap Buffer Overflow in vifm

CVSS 4.8 MEDIUMEPSS 0.1%CWE-122
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.8EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
22 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the history to cause memory corruption or application crashes. Releases from 0.12.1 to 0.14.3 (including) are considered vulnerable. This issue was fixed in commit 23063c7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Productos afectados
vifm · vifm