ALPINE-CVE-2026-25749

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2026-25749

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-25749.json

JSON Data

https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2026-25749

Upstream

CVE-2026-25749

Published

2026-02-06T23:15:54.230Z

Modified

2026-02-11T14:00:34.445228Z

Severity

6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.

References

https://security.alpinelinux.org/vuln/CVE-2026-25749

Affected packages

Alpine:v3.23 / vim

Package

Name: vim
Purl: pkg:apk/alpine/vim?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.1.2132-r0

Affected versions

7.*

7.2.284-r0

7.2.394-r0

7.2.394-r1

7.2.411-r0

7.3-r0

7.3.003-r0

7.3.82-r0

7.3.112-r0

7.3.112-r1

7.3.154-r0

7.3.198-r0

7.3.206-r0

7.3.206-r1

7.3.266-r0

7.3.333-r0

7.3.364-r0

7.3.401-r0

7.3.434-r0

7.3.495-r0

7.3.515-r0

7.3.547-r0

7.3.600-r0

7.3.659-r0

7.3.661-r0

7.3.692-r0

7.3.712-r0

7.3.754-r0

7.3.1070-r0

7.3.1136-r0

7.4-r0

7.4-r1

7.4-r2

7.4-r3

7.4.712-r0

7.4.712-r1

7.4.861-r0

7.4.861-r1

7.4.943-r0

7.4.943-r1

7.4.943-r2

7.4.1225-r0

7.4.1225-r1

7.4.1591-r0

7.4.1831-r0

7.4.1831-r1

7.4.2028-r0

8.*

8.0.0003-r0

8.0.0008-r0

8.0.0027-r0

8.0.0056-r0

8.0.0178-r0

8.0.0187-r0

8.0.0329-r0

8.0.0348-r0

8.0.0349-r0

8.0.0460-r0

8.0.0559-r0

8.0.0594-r0

8.0.0595-r0

8.0.0642-r0

8.0.0972-r0

8.0.0974-r0

8.0.1137-r0

8.0.1171-r0

8.0.1240-r0

8.0.1300-r0

8.0.1359-r0

8.0.1367-r0

8.0.1424-r0

8.0.1424-r1

8.0.1521-r0

8.0.1727-r0

8.1.0022-r0

8.1.0026-r0

8.1.0077-r0

8.1.0115-r0

8.1.0630-r0

8.1.0829-r0

8.1.0829-r1

8.1.1075-r0

8.1.1075-r1

8.1.1364-r0

8.1.1365-r0

8.1.2137-r0

8.1.2137-r1

8.1.2300-r0

8.2.0-r0

8.2.0357-r0

8.2.0735-r0

8.2.1017-r0

8.2.1168-r0

8.2.1353-r0

8.2.1419-r0

8.2.1736-r0

8.2.1843-r0

8.2.1843-r1

8.2.1843-r2

8.2.2013-r0

8.2.2084-r0

8.2.2137-r0

8.2.2303-r0

8.2.2320-r0

8.2.2404-r0

8.2.2559-r0

8.2.2677-r0

8.2.2677-r1

8.2.2800-r0

8.2.2822-r0

8.2.2822-r1

8.2.2852-r0

8.2.2956-r0

8.2.2968-r0

8.2.3082-r0

8.2.3156-r0

8.2.3275-r0

8.2.3300-r0

8.2.3437-r0

8.2.3437-r1

8.2.3500-r0

8.2.3567-r0

8.2.3650-r0

8.2.3779-r0

8.2.3779-r1

8.2.4173-r0

8.2.4350-r0

8.2.4542-r0

8.2.4542-r1

8.2.4619-r0

8.2.4708-r0

8.2.4836-r0

8.2.4969-r0

8.2.5000-r0

8.2.5055-r0

8.2.5170-r0

9.*

9.0.0009-r0

9.0.0050-r0

9.0.0124-r0

9.0.0224-r0

9.0.0234-r0

9.0.0270-r0

9.0.0369-r0

9.0.0437-r0

9.0.0598-r0

9.0.0636-r0

9.0.0693-r0

9.0.0728-r0

9.0.0792-r0

9.0.0815-r0

9.0.0820-r0

9.0.0999-r0

9.0.1085-r0

9.0.1093-r0

9.0.1107-r0

9.0.1128-r0

9.0.1167-r0

9.0.1188-r0

9.0.1198-r0

9.0.1215-r0

9.0.1251-r0

9.0.1261-r0

9.0.1291-r0

9.0.1294-r0

9.0.1304-r0

9.0.1313-r0

9.0.1313-r1

9.0.1337-r0

9.0.1337-r1

9.0.1395-r0

9.0.1413-r0

9.0.1440-r0

9.0.1440-r1

9.0.1440-r2

9.0.1482-r0

9.0.1495-r0

9.0.1506-r0

9.0.1520-r0

9.0.1558-r0

9.0.1568-r0

9.0.1607-r0

9.0.1632-r0

9.0.1676-r0

9.0.1888-r0

9.0.1994-r0

9.0.2073-r0

9.0.2112-r0

9.0.2127-r0

9.0.2127-r1

9.1.0-r0

9.1.0-r1

9.1.0-r2

9.1.0414-r0

9.1.0652-r0

9.1.0678-r0

9.1.0707-r0

9.1.0936-r0

9.1.1012-r0

9.1.1105-r0

9.1.1164-r0

9.1.1202-r0

9.1.1202-r1

9.1.1379-r0

9.1.1397-r0

9.1.1406-r0

9.1.1415-r0

9.1.1457-r0

9.1.1471-r0

9.1.1485-r0

9.1.1516-r0

9.1.1533-r0

9.1.1533-r1

9.1.1552-r0

9.1.1557-r0

9.1.1557-r1

9.1.1566-r0

9.1.1582-r0

9.1.1582-r1

9.1.1591-r0

9.1.1593-r0

9.1.1595-r0

9.1.1616-r0

9.1.1623-r0

9.1.1627-r0

9.1.1629-r0

9.1.1634-r0

9.1.1652-r0

9.1.1663-r0

9.1.1678-r0

9.1.1684-r0

9.1.1706-r0

9.1.1723-r0

9.1.1730-r0

9.1.1738-r0

9.1.1740-r0

9.1.1747-r0

9.1.1752-r0

9.1.1760-r0

9.1.1765-r0

9.1.1775-r0

9.1.1785-r0

9.1.1792-r0

9.1.1806-r0

9.1.1818-r0

9.1.1831-r0

9.1.1840-r0

9.1.1846-r0

9.1.1854-r0

9.1.1863-r0

9.1.1868-r0

9.1.1871-r0

9.1.1879-r0

9.1.1882-r0

9.1.1891-r0

9.1.1896-r0

9.1.1900-r0

9.1.1908-r0

9.1.1917-r0

9.1.1924-r0

9.1.1926-r0

9.1.1930-r0

9.1.1942-r0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2026-25749.json"