Description
Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.
Published: 2026-02-27
Score: 4.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Heap-based buffer overflow in Vim's Emacs tags parsing
Action: Update Vim
AI Analysis

Impact

Vim versions prior to 9.2.0074 contain a heap‑based buffer overflow that occurs when parsing Emacs‑style tags files. A malformed tags file can cause Vim to read up to seven bytes beyond the allocated memory boundary. The description does not confirm code execution, but reads beyond the boundary could lead to information leakage or instability.

Affected Systems

The vulnerability affects the Vim text editor by the Vim project. All releases before Vim 9.2.0074 are impacted; versions 9.2.0074 and later include the fix.

Risk and Exploitability

The CVSS score of 4.4 indicates moderate severity, and the EPSS score of less than 1% reflects a low probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local: an attacker must supply a crafted tags file that is then processed by a running Vim instance. Because the flaw is an out-of-bounds read, exploitation requires local access to run Vim against the malicious file. No remote exploitation path is documented, and the risk remains moderate given the low exploitation probability.

Generated by OpenCVE AI on April 18, 2026 at 10:13 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the official Vim 9.2.0074 release, which patches the heap‑based buffer overflow (CWE‑122) and the out‑of‑bounds read (CWE‑125) in Emacs‑style tags parsing.
  • When Vim must process tags files from untrusted sources, enforce strict input validation and size limits on the tags file before parsing to mitigate the CWE‑122 and CWE‑125 weaknesses; or disable automatic tags parsing for such sources.
  • After the update, check Vim’s configuration to prevent automatic loading of tags files from external or potentially attacker‑controlled locations, reducing exposure to this heap‑based out‑of‑bounds read.


Advisories

No advisories yet.

History

Tue, 03 Mar 2026 18:00:00 +0000

Type: CPEs
Values added: cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

Mon, 02 Mar 2026 22:15:00 +0000

Type: Metrics
Values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 02 Mar 2026 12:15:00 +0000

Type: First Time appeared
Values added: Vim; Vim vim
Type: Vendors & Products
Values added: Vim; Vim vim

Sat, 28 Feb 2026 12:15:00 +0000

Type: References
Type: Metrics
Values removed: threat_severity: None
Values added: threat_severity: Moderate


Sat, 28 Feb 2026 01:30:00 +0000

Type: References

Fri, 27 Feb 2026 22:15:00 +0000

Type: Description
Values added: Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.
Type: Title
Values added: Vim has Heap-based Buffer Overflow in Emacs tags parsing
Type: Weaknesses
Values added: CWE-122, CWE-125
Type: References
Type: Metrics
Values added: cvssV3_1 {'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-02T21:52:42.959Z

Reserved: 2026-02-27T15:33:57.290Z

Link: CVE-2026-28418

Vulnrichment

Updated: 2026-02-28T00:15:32.223Z

NVD

Status: Analyzed

Published: 2026-02-27T22:16:25.003

Modified: 2026-03-03T17:49:55.213

Link: CVE-2026-28418

Redhat

Severity: Moderate

Public Date: 2026-02-27T21:58:37Z

Links: CVE-2026-28418 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T10:15:25Z

Weaknesses