CVE-2026-9504
3.3 LOW
A weakness has been identified in GNU LibreDWG up to 0.14
Published: 2026-05-25 · Last updated: 2026-05-26
Severity and scoring
- CVSS: 3.3 LOW
- Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-119, CWE-125
Description
A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes an out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2026-9504
- [Other] https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_bit_convert_TU.dwg
- [Other] https://github.com/LibreDWG/libredwg/commit/be996bf2178a40e98720f18c2414815d244413db
- [Other] https://github.com/LibreDWG/libredwg/issues/1246
- [Other] https://vuldb.com/submit/814261
- [Other] https://vuldb.com/vuln/365486
- [Other] https://vuldb.com/vuln/365486/cti
- [Other] https://www.gnu.org/
Related CVEs
Same CWE
- CVE-2026-47166 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
- CVE-2026-45624 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.1 MEDIUM)
- CVE-2026-45359 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.7 MEDIUM)
- CVE-2026-45358 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.3 MEDIUM)
- CVE-2026-42326 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.1 MEDIUM)