Alpine: gvim, multiple vim packages, xxd: security update to 9.1.1105-r0

medium Tenable Cloud Security Plugin ID 424660

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In
silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode.
However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim
by feeding some binary characters to Vim. The function that handles the scrolling however may be
triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been
allocated (since there is no screen). This vulnerability is fixed in 9.1.1043. (CVE-2025-24014)

See Also

https://security.alpinelinux.org/vuln/CVE-2025-24014

Plugin Details

Severity: Medium

ID: 424660

Version: Revision 1.6

Type: Local

Published: 4/4/2025

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3.9

Percentile: 52.58

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:L/AC:H/Au:S/C:P/I:P/A:C

CVSS Score Source: CVE-2025-24014

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 1/14/2025

Reference Information

CVE: CVE-2025-24014

IAVA: 2025-A-0055-S