VDB
ALPINE-CVE-2026-28419
ALPINE-CVE-2026-28419
PUBLISHED
CVSS 6.599999904632568 MEDIUM
Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.
Risk Scores
CVSS 3.1
6.599999904632568
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.23 | vim | 0, 7.2.394-r0, 7.2.394-r1 |
Timeline
- Feb 27, 2026 CVE Published
- Apr 30, 2026 Distribution Patch
- Jun 15, 2026 CVE Updated