A vulnerability, which was classified as critical , has been found in vifm up to 0.14.3 . This affects an unknown part of the file vifminfo.json . This manipulation causes heap-based buffer overflow. This vulnerability is handled as CVE-2026-8997 . It is possible to launch the attack on the local host. There is not any exploit available. It is advisable to upgrade the affected component.