VDB
DEBIAN-CVE-2026-28420
DEBIAN-CVE-2026-28420
PUBLISHED
CVSS 4.400000095367432 MEDIUM
Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.
Risk Scores
CVSS 3.1
4.400000095367432
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | vim | 9.1.0496-1, 9.1.0377-1, 9.1.0374-1 |
| Debian:12 | vim | 9.2.0119-1, *, 0 |
| Debian:14 | vim | 2:9.1.1882-1, 2:9.1.1846-1, 2:9.1.1829-1 |
| Debian:13 | vim | *, *, * |
Timeline
- Feb 27, 2026 CVE Published
- Apr 28, 2026 CVE Updated