CVE-2026-28418
Heap-Based Buffer Overflow in Vim Tags File Parsing
Publication date: 2026-02-27
Last updated on: 2026-03-03
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| vim | vim | to 9.2.0074 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap-based buffer overflow out-of-bounds read in the Vim text editor, specifically in its Emacs-style tags file parsing logic. When Vim processes a malformed tags file, it can be tricked into reading up to 7 bytes beyond the allocated memory boundary. This issue exists in versions prior to 9.2.0074 and was fixed in version 9.2.0074.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized reading of memory beyond the intended buffer, which may expose sensitive information or cause unexpected behavior in Vim. The CVSS score of 4.4 indicates a low to medium severity impact, with potential confidentiality and integrity impacts but no impact on availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Vim to version 9.2.0074 or later, as this version contains the fix for the heap-based buffer overflow in the Emacs-style tags file parsing logic.