2443484 – (CVE-2026-28420) CVE-2026-28420 vim: Vim: Information disclosure and denial of service via crafted Unicode characters in terminal emulator

Bug 2443484 (CVE-2026-28420) - CVE-2026-28420 vim: Vim: Information disclosure and denial of service via crafted Unicode characters in terminal emulator

Summary: CVE-2026-28420 vim: Vim: Information disclosure and denial of service via cra...

Keywords:
Status:	NEW
Alias:	CVE-2026-28420
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2443790 2443487 2443490
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-27 23:02 UTC by OSIDB Bzimport
Modified:	2026-03-02 11:58 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-27 23:02:50 UTC

Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.

Note You need to log in before you can comment on or make changes to this bug.