2443482 – (CVE-2026-28419) CVE-2026-28419 vim: Vim: Information disclosure and denial of service via malformed tags file

Bug 2443482 (CVE-2026-28419) - CVE-2026-28419 vim: Vim: Information disclosure and denial of service via malformed tags file

Summary: CVE-2026-28419 vim: Vim: Information disclosure and denial of service via mal...

Keywords:
Status:	NEW
Alias:	CVE-2026-28419
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2443486 2443495 2443790
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-27 23:02 UTC by OSIDB Bzimport
Modified:	2026-03-02 11:58 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-27 23:02:41 UTC

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.

Note You need to log in before you can comment on or make changes to this bug.