VDB
ALPINE-CVE-2019-12735
ALPINE-CVE-2019-12735
PUBLISHED
CVSS 8.600000381469727 HIGH
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim.
Risk Scores
CVSS v3.0
8.600000381469727
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.10 | vim | 7.4.861-r0, 7.3.1136-r0, 7.3.112-r0 |
| Alpine:v3.21 | vim | 7.2.284-r0, 7.4.861-r0, 7.4.861-r1 |
| Alpine:v3.17 | vim | 8.1.0115-r0, 8.1.1364-r0, 8.1.1075-r1 |
| Alpine:v3.20 | vim | 8.0.0003-r0, 0, 8.1.1364-r0 |
| Alpine:v3.22 | vim | 7.4.943-r1, 7.3.1136-r0, 7.3.112-r1 |
| Alpine:v3.12 | vim | 7.3.1136-r0, 7.2.394-r0, 7.2.394-r1 |
| Alpine:v3.15 | vim | 0, 7.3.198-r0, 7.3.154-r0 |
| Alpine:v3.9 | vim | 8.0.1424-r1, 8.1.0630-r0, 8.1.0115-r0 |
| Alpine:v3.14 | vim | 7.4.943-r2, 7.3.266-r0, 7.3.206-r0 |
| Alpine:v3.18 | vim | 0, 0, 7.2.394-r0 |
| Alpine:v3.19 | vim | 8.0.0056-r0, 8.0.0027-r0, 8.0.0008-r0 |
| Alpine:v3.13 | vim | 7.4.943-r2, 8.1.1364-r0, 8.1.1075-r1 |
| Alpine:v3.23 | vim | 8.0.1240-r0, 7.3.1070-r0, 7.4-r1 |
| Alpine:v3.7 | vim | 7.4.1831-r1, 7.3-r0, 7.3.364-r0 |
| Alpine:v3.11 | vim | 7.4.943-r1, 8.1.1364-r0, 8.1.1075-r1 |
| Alpine:v3.8 | vim | 8.0.0460-r0, 8.1.0115-r0, 8.1.0077-r0 |
| Alpine:v3.16 | vim | 7.3.112-r0, 7.3.206-r0, 7.4.712-r0 |
Timeline
- Jun 5, 2019 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch