Skip to main content

GNU LibreDWG CVE-2026-15520

| EUVDEUVD-2026-43263 LOW
Heap-based Buffer Overflow (CWE-122)
2026-07-13 VulDB GHSA-67vr-6jq3-273m
1.9
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
1.9 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.3 MEDIUM

Local attack vector and low privilege required per CVSS 4.0 source data; uniform low CIA impact consistent with heap overflow without scope change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Severity Changed
Jul 13, 2026 - 02:22 NVD
MEDIUM LOW
CVSS changed
Jul 13, 2026 - 02:22 NVD
4.8 (MEDIUM) 1.9 (LOW)
Analysis Generated
Jul 13, 2026 - 01:59 vuln.today

DescriptionCVE.org

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress_R2004_section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.14.8396 will fix this issue. This patch is called 3d0f9fc2eddbd6579c99af3111c37c98f03475d0. You should upgrade the affected component.

AnalysisAI

Heap-based buffer overflow in GNU LibreDWG 0.13.4-154-g0b573035 allows a local low-privileged attacker to corrupt heap memory by supplying a crafted DWG file processed through the R2004 section decompressor, yielding partial confidentiality, integrity, and availability impact. The vulnerability resides in decompress_R2004_section within src/decode.c and is exploitable whenever LibreDWG parses attacker-controlled R2004-format DWG content. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Supply crafted R2004-format DWG file locally
Delivery
Trigger decompress_R2004_section in decode.c
Exploit
Overflow heap-allocated decompression buffer
Execution
Corrupt adjacent heap metadata or object
Impact
Achieve partial memory read/write or process crash

Vulnerability AssessmentAI

Exploitation Exploitation requires that the attacker hold at minimum a low-privilege local account on the target system (PR:L per CVSS 4.0 vector) - unauthenticated remote exploitation is not possible given AV:L. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N) confirms that exploitation is strictly local: an attacker must already have low-privilege access to the system and the ability to supply files to a LibreDWG-consuming process. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local attacker places a specially crafted DWG file - constructed to embed malformed R2004 section metadata - into a directory monitored by an automated LibreDWG-based conversion service running as a low-privilege daemon. When the service processes the file, `decompress_R2004_section` overflows a heap buffer in `decode.c`, corrupting adjacent allocations and producing partial read/write access to heap memory or a process crash. …
Remediation Upgrade GNU LibreDWG to version 0.14.8396 or later, which incorporates the fix in commit `3d0f9fc2eddbd6579c99af3111c37c98f03475d0`; the release is available at https://github.com/LibreDWG/libredwg/releases/tag/0.14.8396. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2022-35164 CRITICAL POC
9.8 Aug 18

LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. Rated critica

CVE-2021-28237 CRITICAL POC
9.8 Dec 02

LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. Rated critical severity (CVSS 9.8),

CVE-2020-21844 HIGH POC
8.8 May 17

GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. Rated high severity (CVSS 8.8), this vulnerability is remotely e

CVE-2019-9775 CRITICAL POC
9.1 Mar 14

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. Rated critical severity (CVSS 9.1), this vulnerability is remo

CVE-2019-9774 CRITICAL POC
9.1 Mar 14

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. Rated critical severity (CVSS 9.1), this vulnerability is remo

CVE-2020-21833 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:

CVE-2020-21841 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135. Rated high se

CVE-2020-21840 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985. Rat

CVE-2020-21838 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:

CVE-2020-21843 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318. Rated high s

CVE-2020-21842 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode

CVE-2020-21832 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode

Share

CVE-2026-15520 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy