ALPINE-CVE-2017-5953 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2017-5953 PUBLISHED CVSS 9.800000190734863 CRITICAL

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

Risk Scores

CVSS v3.0

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.22	vim	8.0.0187-r0, 7.3.154-r0, 7.3.1136-r0
Alpine:v3.12	vim	0, 7.2.284-r0, 7.2.394-r0
Alpine:v3.10	vim	8.0.0187-r0, 7.2.284-r0, 7.2.394-r0
Alpine:v3.13	vim	0, 7.2.284-r0, 7.2.394-r0
Alpine:v3.19	vim	7.4.1591-r0, 0, 7.2.284-r0
Alpine:v3.20	vim	7.4.712-r0, 7.4.2028-r0, 7.4.1831-r1
Alpine:v3.2	vim	7.3.434-r0, 7.3.003-r0, 7.3-r0
Alpine:v3.17	vim	7.4.712-r1, 7.4.712-r0, 7.4.2028-r0
Alpine:v3.4	vim	7.3.364-r0, 7.4.943-r1, 7.4.943-r0
Alpine:v3.8	vim	8.0.0056-r0, 0, 7.2.284-r0
Alpine:v3.14	vim	8.0.0187-r0, 7.2.284-r0, 7.2.394-r0
Alpine:v3.21	vim	7.3.198-r0, 0, 7.2.284-r0
Alpine:v3.11	vim	8.0.0187-r0, 8.0.0178-r0, 8.0.0056-r0
Alpine:v3.9	vim	7.4-r3, 7.2.284-r0, 7.2.394-r0
Alpine:v3.16	vim	7.4.712-r0, 0, 8.0.0187-r0
Alpine:v3.3	vim	7.2.411-r0, 0, 7.2.284-r0
Alpine:v3.15	vim	7.4-r1, 7.3.401-r0, 7.3.364-r0
Alpine:v3.5	vim	7.3.515-r0, 7.3.547-r0, 7.3.600-r0
Alpine:v3.18	vim	7.2.284-r0, 8.0.0187-r0, 8.0.0178-r0
Alpine:v3.7	vim	0, 7.2.284-r0, 7.2.394-r0

…and 2 more

Timeline

Feb 10, 2017 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2017-5953 advisory

Open in Interactive Console →