参照: Official debian advisory, NVD, CVE.org · CVE 詳細
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2002-1377 not yet assigned priority: Debian including 1 source packages (vim), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.