out-of-bounds read in gchar_cursor() in misc1.c (CVE-2022-1851) use-after-free in find_pattern_in_path() in search.c (CVE-2022-1898) out-of-bounds write in vim_regsub_both() in regexp.c (CVE-2022-1897) buffer over-read in utf_ptr2char() in mbyte.c (CVE-2022-1927 ) out of bounds write in vim_regsub_both() (CVE-2022-1942) heap-based buffer overflow in function utf_head_off (CVE-2022-1886)