Key Vulnerability Information Title: Heap-based Buffer Underflow in Emacs tags parsing affects Vim < 9.2.0075 Severity: Moderate CVE: CVE-2026-28419 CVSS v3.1 Score: 5.3/10 CVSS v3 Base Metrics: - Attack Vector: Local - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Unchanged - Confidentiality, Integrity, Availability: Low CWEs: - CWE-124: Heap-based Buffer Underflow - CWE-125: Out-of-bounds Read Affected Versions: < 9.2.0075 Patched Versions: 9.2.0075 Summary A heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Impact An attacker can induce a user to perform a tag lookup using a crafted Emacs tags file, triggering a 1-byte out-of-bounds read leading to a crash (Denial of Service). References The issue has been fixed as part of Vim patch v9.2.0075.