How severe is CVE-2024-47814?

This vulnerability has a severity rating of LOW with a CVSS score of 3.9 out of 10.

What type of vulnerability is CVE-2024-47814?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2024-47814 - LOW Severity | CVSS 3.9

Vulnerability Description

Vim is an open source, command line text editor. A use-after-free was found in Vim < 9.1.0764. When closing a buffer (visible in a window) a BufWinLeave auto command can cause an use-after-free if this auto command happens to re-open the same buffer in a new split window. Impact is low since the user must have intentionally set up such a strange auto command and run some buffer unload commands. However this may lead to a crash. This issue has been addressed in version 9.1.0764 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2023-48184

LOW

CVSS:3.9(Low)

QuickJS before 7414e5f has a quickjs.h JS_FreeValueRT use-after-free because of incorrect garbage collection of async functions with closures.

CWE-4162023

CVE-2023-52584

LOW

CVSS:3.8(Low)

In the Linux kernel, the following vulnerability has been resolved: spmi: mediatek: Fix UAF on device remove The pmif driver data that contains the clocks is allocated along with spmi_controller. On d...

CWE-4162023

CVE-2024-3861

MEDIUM

CVSS:4.0(Medium)

If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free. This vulnerability affects Firefox < 125, Firefox ESR < 115...

CWE-4162024

CVE-2025-0240

MEDIUM

CVSS:4.0(Medium)

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6...

CWE-4162025

CVE-2020-25656

MEDIUM

CVSS:4.1(Medium)

A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access o...

CWE-4162020

CVE-2022-1974

MEDIUM

CVSS:4.1(Medium)

A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN ...

CWE-4162022