Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 8f03865f37f5d4ffd616fef802acc980be54d300. Upgrading the affected component is advised.
Analysis (AI)
Null pointer dereference in GNU LibreDWG (all versions through 0.14) allows a local, low-privileged attacker to crash any application that uses the library to parse a maliciously crafted DWG file, resulting in a denial-of-service condition with no confidentiality or integrity impact. The affected code path is within the DWG 2004 compressed-section handler in src/decode.c, where missing bounds checks on section entry address fields permit invalid memory access. …
Vulnerability Assessment (AI)

| Aspect | Assessment |
|---|---|
| Exploitation | Local system access with low privileges is required (AV:L/PR:L per the CVSS 4.0 vector). … |
| Risk Assessment | The CVSS 4.0 base score of 1.9 (AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P) reflects a genuinely low-severity issue: local attack vector only, low privileges required, and impact limited to partial availability (process crash). … |
| Exploit Scenario | A local attacker with a low-privileged shell account on a system running a LibreDWG-linked application (such as a CAD file converter or document management tool) submits the publicly available POC DWG file (https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwg) for processing. The malformed 2004 compressed section causes read_2004_compressed_section in src/decode.c to access memory at an address beyond the decompression buffer bounds, triggering a null pointer dereference and crashing the parsing process. … |
| Remediation | An upstream fix is available (patch commit 8f03865f37f5d4ffd616fef802acc980be54d300); a released patched version tag is not independently confirmed from the provided data. Verify the latest tagged release on the LibreDWG GitHub repository (https://github.com/LibreDWG/libredwg) to confirm the commit is included. … |
EUVD-2026-31741
GHSA-q6j5-wxg6-4vrv