
GNU LibreDWG CVE-2026-9500

EUVD-2026-31732 · LOW
Heap-based Buffer Overflow (CWE-122)
2026-05-25 VulDB GHSA-hh47-vf3p-8vq5
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: not defined (CVSS 4.0 has no Scope metric; impact on other systems is carried by the SC/SI/SA metrics, all N here)

Lifecycle Timeline

Analysis Generated: Jun 08, 2026 12:59 (vuln.today)
Severity Changed: May 26, 2026 14:22 (NVD): MEDIUM → LOW
CVSS Changed: May 26, 2026 14:22 (NVD): 5.3 (MEDIUM) → 1.9 (LOW)

Description (CVE.org)

A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipulation results in a heap-based buffer overflow. The attack is only possible with local access. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Analysis (AI)

Heap-based buffer overflow in GNU LibreDWG's read_2004_compressed_section function (src/decode.c) exposes users of the dwgread utility to partial confidentiality, integrity, and availability compromise when processing a maliciously crafted DWG file. All released versions from 0.1 through 0.14 are affected, and a publicly available proof-of-concept exploit file exists on GitHub. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Gain local low-privilege access to the target system
Delivery: Prepare or obtain a crafted malicious DWG file
Exploit: Invoke dwgread against the malicious DWG file
Execution: Trigger the heap out-of-bounds write in read_2004_compressed_section
Impact: Achieve partial confidentiality, integrity, or availability impact on the vulnerable process

Vulnerability Assessment (AI)

Exploitation: Local system access is required (AV:L); there is no network-facing trigger for this vulnerability. In practice AV:L means the attacker must get a crafted DWG file onto the system and parsed there, so the relevant question for defenders is whether dwgread or another LibreDWG consumer ever runs on files an attacker can supply. …
Risk Assessment: Overall risk is low in absolute terms (CVSS 4.0 base 1.9) but contextually relevant for environments that process untrusted DWG files. …
Exploit Scenario: A local attacker with low privileges crafts or obtains a malicious DWG file (a working proof-of-concept file is publicly available at https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwg) and gets it parsed by dwgread or a LibreDWG-based application. While decoding the DWG 2004 compressed section, read_2004_compressed_section writes past the end of a heap allocation, corrupting adjacent heap memory. NVD rates the resulting impact on the affected process as low for confidentiality, integrity and availability (VC:L/VI:L/VA:L); whether the corruption is merely a crash or something more depends on the heap layout at the time of the write, which the public PoC does not control.
Remediation: No vendor-released patch had been identified at the time of analysis, and the LibreDWG maintainers had not responded to the disclosure in GitHub issue https://github.com/LibreDWG/libredwg/issues/1241. Until a fixed release exists, treat DWG files from untrusted sources as hostile input: do not run dwgread or LibreDWG-based tooling on them outside a sandbox or throwaway container, and when triaging a suspect file build LibreDWG with AddressSanitizer so the out-of-bounds write is reported at the faulting line instead of silently corrupting the heap. …
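The write described in the exploit scenario above belongs to a well-known class: a section decoder trusts a length it reads from the file and copies into a heap buffer whose size came from a different header field. The C program below is an added illustration written for this page; it is not LibreDWG's read_2004_compressed_section and not the real DWG 2004 compression scheme. The token format, the section header layout, the MAX_SECTION_SIZE cap and the sample byte strings are all constructed for the demonstration. It places an unchecked decoder beside a checked one and shows the checked one failing closed on three malformed sections (a literal run longer than the declared output, a back-reference that reaches before the start of the output, and a compressed size larger than the input), each of which would corrupt memory in the unchecked version.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical token format (NOT the real DWG 2004 scheme):
 *   0x00 <len>        copy <len> literal bytes that follow into the output
 *   0x01 <len> <dist> copy <len> bytes from <dist> bytes back in the output
 * Assumed section header: u32le decomp_size, u32le comp_size, then tokens. */
enum { TOK_LITERAL = 0x00, TOK_MATCH = 0x01 };
#define MAX_SECTION_SIZE (16u * 1024 * 1024)   /* assumed sanity cap on a declared section size */

static uint32_t rd_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable shape: every length comes from the file and is trusted. A literal run
 * longer than the room left in `out` is a heap out-of-bounds write (CWE-122); a match
 * with dist > pos reads before the start of `out`. Kept only for contrast; never feed it
 * untrusted input. */
uint8_t *decode_section_unchecked(const uint8_t *buf, size_t buflen, size_t *out_len) {
    if (buflen < 8) return NULL;
    uint32_t decomp_size = rd_u32le(buf), comp_size = rd_u32le(buf + 4);
    const uint8_t *src = buf + 8, *end = src + comp_size;   /* comp_size never checked against buflen */
    uint8_t *out = malloc(decomp_size);
    if (!out) return NULL;
    size_t pos = 0;
    while (src < end) {
        uint8_t tok = *src++;
        if (tok == TOK_LITERAL) {
            uint8_t len = *src++;
            memcpy(out + pos, src, len);                      /* pos + len may exceed decomp_size */
            src += len; pos += len;
        } else if (tok == TOK_MATCH) {
            uint8_t len = *src++, dist = *src++;
            for (uint8_t i = 0; i < len; i++, pos++) out[pos] = out[pos - dist];   /* dist unchecked */
        } else break;
    }
    *out_len = pos;
    return out;
}

/* Hardened shape: every read from `src` and every write to `out` is checked against
 * bounds known before the copy, and the header must agree with what was produced. */
uint8_t *decode_section_checked(const uint8_t *buf, size_t buflen, size_t *out_len) {
    if (buflen < 8) return NULL;
    uint32_t decomp_size = rd_u32le(buf), comp_size = rd_u32le(buf + 4);
    if (decomp_size == 0 || decomp_size > MAX_SECTION_SIZE) return NULL;
    if (comp_size > buflen - 8) return NULL;                  /* declared size must fit the input */
    const uint8_t *src = buf + 8, *end = src + comp_size;
    uint8_t *out = malloc(decomp_size);
    if (!out) return NULL;
    size_t pos = 0;
    while (src < end) {
        uint8_t tok = *src++;
        if (tok == TOK_LITERAL) {
            if (end - src < 1) goto bad;
            size_t len = *src++;
            if ((size_t)(end - src) < len || decomp_size - pos < len) goto bad;
            memcpy(out + pos, src, len);
            src += len; pos += len;
        } else if (tok == TOK_MATCH) {
            if (end - src < 2) goto bad;
            size_t len = src[0], dist = src[1];
            src += 2;
            if (dist == 0 || dist > pos || decomp_size - pos < len) goto bad;
            for (size_t i = 0; i < len; i++, pos++) out[pos] = out[pos - dist];
        } else goto bad;
    }
    if (pos != decomp_size) goto bad;                         /* header must match the output */
    *out_len = pos;
    return out;
bad:
    free(out);
    return NULL;
}

/* Constructed sample sections (not real DWG data). */
static const uint8_t SAMPLE_OK[] = { 6,0,0,0, 8,0,0,0, 0x00,3,'a','b','c', 0x01,3,3 };   /* -> "abcabc" */
static const uint8_t SAMPLE_LITERAL_OVERFLOW[] = { 4,0,0,0, 12,0,0,0, 0x00,10, 'A','A','A','A','A','A','A','A','A','A' };
static const uint8_t SAMPLE_BAD_DIST[] = { 3,0,0,0, 3,0,0,0, 0x01,3,5 };
static const uint8_t SAMPLE_BAD_COMP[] = { 6,0,0,0, 200,0,0,0, 0x00,3,'a','b','c' };

/* 1 if the checked decoder rejects the section, 0 if it accepts it. */
int section_is_rejected(const uint8_t *buf, size_t len) {
    size_t n; uint8_t *o = decode_section_checked(buf, len, &n);
    if (!o) return 1;
    free(o); return 0;
}
/* 1 if decoder `f` turns the section into exactly `expected`. */
int decodes_to(uint8_t *(*f)(const uint8_t *, size_t, size_t *), const uint8_t *buf, size_t len, const char *expected) {
    size_t n; uint8_t *o = f(buf, len, &n);
    int ok = o && n == strlen(expected) && memcmp(o, expected, n) == 0;
    free(o); return ok;
}

int main(void) {
    printf("valid section, checked decoder:  %s\n", decodes_to(decode_section_checked, SAMPLE_OK, sizeof SAMPLE_OK, "abcabc") ? "abcabc" : "FAIL");
    printf("literal overrun rejected:         %d\n", section_is_rejected(SAMPLE_LITERAL_OVERFLOW, sizeof SAMPLE_LITERAL_OVERFLOW));
    printf("bad back-reference rejected:      %d\n", section_is_rejected(SAMPLE_BAD_DIST, sizeof SAMPLE_BAD_DIST));
    printf("comp_size beyond input rejected:  %d\n", section_is_rejected(SAMPLE_BAD_COMP, sizeof SAMPLE_BAD_COMP));
    return 0;
}
```

Compile with `cc -fsanitize=address -g` to see the contrast: the program as written only feeds the malformed samples to the checked decoder, so it runs clean; pointing decode_section_unchecked at SAMPLE_LITERAL_OVERFLOW instead produces an AddressSanitizer heap-buffer-overflow WRITE report at the memcpy, which is the same kind of report a triage build of LibreDWG gives for a file that hits this CVE. The checks worth carrying over to any real decoder are the three the checked version makes before every copy: the run fits in the remaining input, the run fits in the remaining output, and a back-reference stays within bytes already written.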



CVE-2026-9500 vulnerability details – vuln.today
