Severity by source
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD): CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description (CVE.org)
A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8f03865f37f5d4ffd616fef802acc980be54d300. It is advisable to implement a patch to correct this issue.
Analysis (AI)
Out-of-bounds read in GNU LibreDWG's read_2004_compressed_section function (src/decode.c) affects all versions through 0.14, allowing a local low-privileged attacker to crash the dwgbmp utility or any LibreDWG-based application by supplying a crafted DWG 2004 file with manipulated section address or size fields. Impact is limited to availability (application crash) with no confirmed confidentiality or integrity exposure per the CVSS 4.0 vector. …
Vulnerability Assessment (AI)

| Aspect | Assessment |
|---|---|
| Exploitation | Local filesystem access with low-level privileges (PR:L per the CVSS 4.0 vector) is required; remote network-based exploitation is not possible without an intermediary file upload or intake mechanism. … |
| Risk Assessment | The CVSS 4.0 score of 1.9 reflects the constrained risk: AV:L requires local access, PR:L demands at minimum low-privilege credentials, and the only confirmed impact is VA:L (partial availability, i.e. a crash). … |
| Exploit Scenario | A local attacker with standard user privileges places a crafted DWG 2004 file on a system where a LibreDWG-based application (such as dwgbmp) automatically or manually processes DWG files, for example a shared rendering or conversion service. The malicious file contains section header fields with an address or address+size value exceeding the decompression buffer bounds, triggering an out-of-bounds read in read_2004_compressed_section and crashing the application. … |
| Remediation | Apply the upstream patch at commit 8f03865f37f5d4ffd616fef802acc980be54d300 from the LibreDWG GitHub repository (https://github.com/LibreDWG/libredwg/commit/8f03865f37f5d4ffd616fef802acc980be54d300). … |
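The scenario above turns on a section descriptor whose address or address+size lies outside the decompression buffer. The following C example is added here for illustration and is not LibreDWG's code: the struct, its field names and the two check functions are assumptions, used to contrast a 32-bit length check that can wrap with an overflow-safe one, and to read a page only after the descriptor has been validated.

```c
/* Added illustration, not LibreDWG source: a DWG-style page descriptor
 * (field names assumed) and two ways of bounds-checking it. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint32_t address; /* offset of the compressed page inside the buffer */
    uint32_t size;    /* number of bytes the page claims to occupy */
} section_page_t;

typedef enum { PAGE_OK = 0, PAGE_BAD_ADDRESS, PAGE_BAD_SIZE } page_status_t;
/* Naive form: address + size is computed in 32 bits and can wrap to a
 * small value, so an oversized page slips past the comparison. */
bool naive_in_bounds(const section_page_t *p, uint32_t buf_len) {
    return p->address + p->size <= buf_len;
}

/* Hardened form: compare without ever forming address + size, so no
 * combination of descriptor values can wrap. */
page_status_t check_page(const section_page_t *p, size_t buf_len) {
    if (p->address > buf_len) return PAGE_BAD_ADDRESS;
    if (p->size > buf_len - p->address) return PAGE_BAD_SIZE;
    return PAGE_OK;
}

/* Copy a page out of the buffer only after its descriptor is validated.
 * Returns the bytes copied, or 0 when the descriptor is rejected. */
size_t read_page(const uint8_t *buf, size_t buf_len, const section_page_t *p,
                 uint8_t *out, size_t out_len) {
    if (check_page(p, buf_len) != PAGE_OK || p->size > out_len) return 0;
    memcpy(out, buf + p->address, p->size);
    return p->size;
}

int main(void) {
    uint8_t file[16], out[16]; /* constructed stand-in for a decompression buffer */
    for (int i = 0; i < 16; i++) file[i] = (uint8_t)i;
    /* Constructed descriptors: in range, at the edge, past the end, wrapping. */
    section_page_t pages[] = {{4, 8}, {8, 8}, {8, 9}, {4, 0xFFFFFFFCu}};
    for (size_t i = 0; i < sizeof pages / sizeof pages[0]; i++) {
        printf("page %zu addr=%u size=%u naive=%d checked=%d copied=%zu\n", i,
               pages[i].address, pages[i].size, naive_in_bounds(&pages[i], 16),
               check_page(&pages[i], 16), read_page(file, 16, &pages[i], out, 16));
    }
    return 0;
}
```

The last constructed descriptor passes the naive check because 4 + 0xFFFFFFFC wraps to 0 in 32-bit arithmetic, while check_page rejects it and read_page copies nothing.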
Related advisories
EUVD-2026-31790
GHSA-x5hm-p5rv-v4c7