1. 漏洞描述

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems.

Security Fix(es):

When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003(CVE-2025-22134)

2. 影响范围

3. 影响组件

4. 修复版本

5. 修复方法

方法一：下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存，如 xxx.rpm
2、通过rpm命令升级，如 rpm -Uvh xxx.rpm

方法二：通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包，如 yum install 包名

6. 下载链接

KY3.4-5A:

x86_64:

     vim-filesystem   

     vim-X11   

     vim-common   

     vim-enhanced   

     vim-minimal   

aarch64:

     vim-filesystem   

     vim-X11   

     vim-common   

     vim-enhanced   

     vim-minimal   

V6:

x86_64:

     vim-filesystem   

     vim-X11   

     vim-common   

     vim-enhanced   

     vim-minimal   

aarch64:

     vim-filesystem   

     vim-X11   

     vim-common   

     vim-enhanced   

     vim-minimal