sublimetext 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー and vendor risk denial of service に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で アプリケーションクラッシュ and vendor impact memory corruption などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-65741 | Sublime Text 3 Build 3208 or prior for MacOS is vulnerable to Dylib Injection. An attacker could compile a .dylib file and force the execution of this library in the context of the Sublime Text application. | [email protected] | 9.8 | 0.06% | 2025-12-09 | 2026-01-02 |
| CVE-2019-9116 | DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublime_text.exe to open a .txt file within an attacker's %LOCALAPPDATA%\Temp\sublime_text folder. NOTE: the vendor's position is "This does not appear to be a bug with Sublime Text, but rather one with Windows that has been patched. | [email protected] | 7.8 | 0.20% | 2019-02-25 | 2024-11-21 |
| CVE-2017-8368 | Sublime Text 3 Build 3126 allows user-assisted attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mkv file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands, as demonstrated by Ctrl-A, Delete, and Ctrl-Z. | [email protected] | 7.8 | 0.19% | 2017-07-05 | 2026-05-13 |