Skip to main content

GNU LibreDWG EUVD-2026-31740

| CVE-2026-9502 LOW
Heap-based Buffer Overflow (CWE-122)
2026-05-25 VulDB GHSA-mxm7-v873-f6m3
Heap Overflow Buffer Overflow Libredwg
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Source Code Evidence Fetched
Jun 08, 2026 - 13:33 vuln.today
Analysis Generated
Jun 08, 2026 - 13:33 vuln.today
Severity Changed
May 26, 2026 - 20:07 NVD
MEDIUM LOW
CVSS changed
May 26, 2026 - 20:07 NVD
5.3 (MEDIUM) 1.9 (LOW)

DescriptionCVE.org

A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.

AnalysisAI

Heap-based buffer overflow in GNU LibreDWG's dwgread utility (versions 0.1 through 0.14) allows a local attacker with low privileges to corrupt heap memory by supplying a specially crafted R2004-format DWG file. The vulnerable function decompress_R2004_section in src/decode.c fails to validate decompression offset and size parameters before writing, enabling out-of-bounds heap writes with partial confidentiality, integrity, and availability impact. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain local low-privilege system access
Delivery
Stage or deliver malicious R2004 DWG file
Exploit
Invoke dwgread against crafted DWG file
Execution
Trigger unvalidated comp_offset/comp_bytes in decompress_R2004_section
Persist
Write past heap buffer boundary
Impact
Corrupt heap metadata or adjacent data
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires local system access with at least low-privilege user credentials (CVSS PR:L, AV:L) on a host where GNU LibreDWG 0.1 through 0.14 is installed and the dwgread utility is accessible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Despite the presence of a public POC, multiple signals converge on low real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local user with standard (low-privilege) access on a system running LibreDWG 0.14 or earlier crafts or downloads a malicious DWG file containing an R2004 section with invalid comp_bytes and comp_offset values - a sample is publicly available at https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_decompress_R2004_section.dwg. The user passes this file to the dwgread utility, triggering decompress_R2004_section to write beyond the bounds of the dec output buffer on the heap. …
Remediation Apply the upstream patch available at https://github.com/LibreDWG/libredwg/commit/e501cb9926c1e9a07a0d1cc997f3e69e9be801c9, which adds out-of-bounds validation to decompress_R2004_section. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-31740 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy