Skip to main content

GNU LibreDWG CVE-2026-9605

MEDIUM
Heap-based Buffer Overflow (CWE-122)
2026-05-26 VulDB
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

5
CVE Published
Jun 22, 2026 - 06:03 cve.org
MEDIUM 5.5
Severity Changed
May 27, 2026 - 00:22 NVD
HIGH MEDIUM
CVSS changed
May 27, 2026 - 00:22 NVD
7.3 (HIGH) 5.5 (MEDIUM)
Source Code Evidence Fetched
May 27, 2026 - 00:01 vuln.today
Analysis Generated
May 27, 2026 - 00:01 vuln.today

DescriptionCVE.org

A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 8f03865f37f5d4ffd616fef802acc980be54d300. Applying a patch is the recommended action to fix this issue.

AnalysisAI

Heap-based buffer overflow in GNU LibreDWG through version 0.13.4.8160 lets an attacker corrupt heap memory by getting the library to parse a malicious DWG file, specifically a 2004-format file with a crafted compressed section processed via the dwgbmp thumbnail-extraction utility. The flaw stems from missing bounds validation in the decompression routine and is reachable without authentication or user privileges per its CVSS vector; impact is rated low across confidentiality, integrity, and availability (CVSS 7.3). Publicly available exploit code exists (a proof-of-concept DWG sample), but the issue is not listed in CISA KEV, and an official upstream fix has been committed.

Technical ContextAI

LibreDWG is GNU's C library for reading and writing AutoCAD DWG CAD files, used by tools such as dwgbmp (which extracts the embedded BMP/preview thumbnail from a DWG). The vulnerability is a CWE-122 heap-based buffer overflow. While the advisory text attributes the bug to the byte-reading primitive bit_read_RC in src/bits.c, the published fix actually lands in read_2004_compressed_section in src/decode.c, where the patch adds bounds checks (es.fields.address > max_decomp_size and es.fields.address + size > dec.size) before writing decompressed section data. This indicates the root cause is an unchecked attacker-controlled offset/size from the DWG R2004 compressed-section header that drives an out-of-bounds heap access during decompression, consistent with the exploit sample named 'heap_oob_write_read_2004_compressed_section'. The affected component is identified by CPE cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:* covering all versions up to 0.13.4.8160.

RemediationAI

Upstream fix available (commit 8f03865f37f5d4ffd616fef802acc980be54d300); released patched version not independently confirmed - rebuild LibreDWG from a source tree that includes this commit (https://github.com/LibreDWG/libredwg/commit/8f03865f37f5d4ffd616fef802acc980be54d300), or upgrade to the first packaged release incorporating it once your distribution ships one. Until you can deploy the patched build, the most effective compensating control is to avoid processing untrusted DWG files with vulnerable LibreDWG tooling: do not run dwgbmp (or other LibreDWG consumers) against files from unverified sources, since the bug is triggered specifically by malicious R2004 compressed-section content. If LibreDWG runs as part of an automated/service pipeline, restrict it to trusted inputs and sandbox the parser (e.g., run under a restricted, low-privilege account or container with no network and minimal filesystem access) so heap corruption cannot escalate beyond the parsing process; the trade-off is added operational complexity and the loss of automated thumbnail/conversion of externally supplied DWGs. Refer to the VulDB advisory (https://vuldb.com/vuln/365678) and upstream issue #1248 for tracking.

CVE-2022-35164 CRITICAL POC
9.8 Aug 18

LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. Rated critica

CVE-2021-28237 CRITICAL POC
9.8 Dec 02

LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. Rated critical severity (CVSS 9.8),

CVE-2020-21844 HIGH POC
8.8 May 17

GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. Rated high severity (CVSS 8.8), this vulnerability is remotely e

CVE-2019-9775 CRITICAL POC
9.1 Mar 14

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. Rated critical severity (CVSS 9.1), this vulnerability is remo

CVE-2019-9774 CRITICAL POC
9.1 Mar 14

An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. Rated critical severity (CVSS 9.1), this vulnerability is remo

CVE-2020-21833 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_classes ../../src/decode.c:

CVE-2020-21841 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_B ../../src/bits.c:135. Rated high se

CVE-2020-21840 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_search_sentinel ../../src/bits.c:1985. Rat

CVE-2020-21838 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via: read_2004_section_appinfo ../../src/decode.c:

CVE-2020-21843 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 via bit_read_RC ../../src/bits.c:318. Rated high s

CVE-2020-21842 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode

CVE-2020-21832 HIGH POC
8.8 May 17

A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_compressed_section ../../src/decode

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2026-9605 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy