VDB
DEBIAN-CVE-2026-28422
DEBIAN-CVE-2026-28422
PUBLISHED
CVSS 2.200000047683716 LOW
Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.
Risk Scores
CVSS 3.1
2.200000047683716
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | vim | 9.1.0496-1, 9.1.0377-1, 9.1.0374-1 |
| Debian:12 | vim | 9.2.0119-1, 0, 2:9.0.1378-2+deb12u1 |
| Debian:13 | vim | 2:9.1.1230-2, 9.1.1766-1, 9.1.1385-1 |
| Debian:14 | vim | 9.1.2141-1, 9.1.2103-1, 9.1.1882-1 |
Exploit Intelligence
- glcve_test.go (github-poc)
Timeline
- Feb 27, 2026 CVE Published
- Apr 28, 2026 CVE Updated