CVE-2026-28419

EUVD-2026-9087
Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.
Buffer Underflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
vimvim
𝑥
< 9.2.0075
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bookworm
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
2:9.2.0524-1
fixed
sid
2:9.2.0782-1
fixed
trixie
unimportant
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gvim
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
vim
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
vim-data
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
vim-data-common
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 12 SP3
9.2.0110-17.59.1
fixed
suse enterprise server 12 SP5
9.2.0110-17.59.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
vim-small
suse enterprise desktop 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise sap 15 SP7
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP4
9.2.0110-150000.5.86.1
fixed
suse enterprise server 15 SP5
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP6
9.2.0110-150500.20.43.1
fixed
suse enterprise server 15 SP7
9.2.0110-150500.20.43.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
vim-common
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
vim-data
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
vim-debuginfo
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
vim-debugsource
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
vim-default-editor
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
vim-enhanced
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
vim-enhanced-debuginfo
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
vim-filesystem
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
vim-minimal
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
vim-minimal-debuginfo
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
xxd
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
xxd-debuginfo
Amazon Linux 2023
2:9.2.240-1.amzn2023.0.2
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
vim
Azure Linux 3.0
0:9.2.0088-1.azl3
fixed
CBL-Mariner 2.0
0:9.2.0088-1.cm2
fixed