Skip to main content

GNU LibreDWG CVE-2026-15182

| EUVDEUVD-2026-42580 LOW
Heap-based Buffer Overflow (CWE-122)
2026-07-09 VulDB GHSA-3h8r-9w82-hxmh
1.9
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Local file-parsing attack requires low privileges to supply the malicious DWG; no scope change occurs and impact is bounded to the parsing process.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 09, 2026 - 12:22 NVD
MEDIUM LOW
CVSS changed
Jul 09, 2026 - 12:22 NVD
4.8 (MEDIUM) 1.9 (LOW)
Analysis Generated
Jul 09, 2026 - 12:19 vuln.today

DescriptionCVE.org

A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwg_bmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.14 is sufficient to fix this issue. The name of the patch is 18fd542bb4d5ccedf9de12052bf50068b2b26f06. It is suggested to upgrade the affected component.

AnalysisAI

Heap-based buffer overflow in GNU LibreDWG up to version 0.13.4 allows local low-privileged attackers to corrupt heap memory via a specially crafted DWG file containing malicious BMP image data processed by the dwg_bmp function in src/dwg.c. A public proof-of-concept exploit (a crafted R13/R2000 .dwg file) has been disclosed on GitHub, raising the urgency for affected deployments that process untrusted DWG input. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Craft malicious DWG with oversized BMP data
Delivery
Deliver file to target user or pipeline
Exploit
Open file in LibreDWG-based application
Execution
dwg_bmp parses embedded BMP image
Persist
Heap buffer overflow corrupts adjacent memory
Impact
Application crash or arbitrary code execution

Vulnerability AssessmentAI

Exploitation Exploitation requires that a target system runs an application built against GNU LibreDWG 0.13.4 or earlier and that application processes a malicious DWG file containing crafted BMP image data - specifically traversing the dwg_bmp code path in src/dwg.c. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 score of 4.8 (Medium) appropriately reflects the constrained real-world risk profile: the local attack vector (AV:L) and low-privilege requirement (PR:L) mean an attacker cannot exploit this remotely against an unattended system. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker crafts a malicious DWG file (analogous to the publicly disclosed R13/R2000 .dwg POC at https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_0b57303_heap_overflow_decode_R13_R2000.dwg) and delivers it to a user running a LibreDWG-based CAD application, or places it in a directory where an automated DWG processing pipeline will ingest it. When the application calls dwg_bmp to parse the embedded BMP image data, the crafted dimensions or data length trigger a write past the heap buffer boundary, corrupting adjacent heap structures and causing at minimum an application crash, and potentially enabling code execution under the user's privilege context.
Remediation The primary remediation is to upgrade GNU LibreDWG to version 0.14 or later, which fully resolves the heap-based buffer overflow in the dwg_bmp function. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2022-35164 CRITICAL POC
9.8 Aug 18

LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. Rated critica

CVE-2021-28237 CRITICAL POC
9.8 Dec 02

LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. Rated critical severity (CVSS 9.8),

CVE-2020-21844 HIGH POC
8.8 May 17

GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. Rated high severity (CVSS 8.8), this vulnerability is remotely e

CVE-2019-9775 CRITICAL POC
9.1 Mar 14

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. Rated critical severity (CVSS 9.1), this vulnerability is remo

CVE-2019-9774 CRITICAL POC
9.1 Mar 14

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. Rated critical severity (CVSS 9.1), this vulnerability is remo

CVE-2020-21833 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:

CVE-2020-21841 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135. Rated high se

CVE-2020-21840 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985. Rat

CVE-2020-21838 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:

CVE-2020-21843 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318. Rated high s

CVE-2020-21842 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode

CVE-2020-21832 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode

Share

CVE-2026-15182 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy