VDB

DEBIAN-CVE-2026-28420

DEBIAN-CVE-2026-28420 PUBLISHED CVSS 4.400000095367432 MEDIUM

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.

Risk Scores

CVSS 3.1
4.400000095367432
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Affected Products

VendorProductVersions
Debian:11vim9.1.0496-1, 9.1.0377-1, 9.1.0374-1
Debian:12vim9.2.0119-1, *, 0
Debian:14vim2:9.1.1882-1, 2:9.1.1846-1, 2:9.1.1829-1
Debian:13vim*, *, *

Timeline

  • Feb 27, 2026 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›