Description
Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.
Published: 2026-02-27
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch Now
AI Analysis

Impact

Vim contains a heap‑based buffer underflow in its Emacs‑style tags file parsing. When a malformed tags file has a delimiter at the beginning of a line, Vim reads memory immediately before the allocated buffer, potentially exposing program memory contents or causing a crash. The flaw is a classic buffer underflow and is classified as CWE‑124 and CWE‑125.

Affected Systems

The vulnerability affects all releases of Vim older than version 9.2.0075. Any installation of Vim prior to that patch where it processes Emacs‑style tags files is at risk.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity, and the EPSS score of less than 1 % shows a very low likelihood of exploitation under current conditions. The vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is a local user who can supply or modify a tags file used by Vim, leading to memory disclosure or a denial‑of‑service scenario. While the probability is low, the impact warrants attention.

Generated by OpenCVE AI on April 16, 2026 at 15:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Vim to version 9.2.0075 or newer in all environments where the editor is used.
  • Remove or sanitize any existing tags files that contain malformed delimiters before opening them with Vim.
  • Run Vim with the least privilege required for the task, and configure it to read tags files only from trusted directories.

Generated by OpenCVE AI on April 16, 2026 at 15:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 04 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*

Mon, 02 Mar 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 02 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Vim
Vim vim
Vendors & Products Vim
Vim vim

Sat, 28 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Sat, 28 Feb 2026 01:30:00 +0000

Type Values Removed Values Added
References

Fri, 27 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Description Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.
Title Vim has Heap-based Buffer Underflow in Emacs tags parsing
Weaknesses CWE-124
CWE-125
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}

Subscriptions

Vim Vim
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-02T21:54:29.733Z

Reserved: 2026-02-27T15:33:57.290Z

Link: CVE-2026-28419

cve-icon Vulnrichment

Updated: 2026-02-28T00:15:33.748Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-27T22:16:25.163

Modified: 2026-03-04T21:22:05.740

Link: CVE-2026-28419

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-27T22:02:55Z

Links: CVE-2026-28419 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T15:15:39Z

Weaknesses