Description
A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.
Published: 2026-05-25
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A heap-based buffer overflow exists in the decompress_R2004_section function of the Dwgread Utility within GNU LibreDWG up to version 0.14. The flaw arises when malformed DWG data is processed, allowing an attacker to overwrite adjacent heap memory and potentially corrupt program state. The weakness is classified as CWE-119 (improper restriction of operations within the bounds of a memory buffer) and CWE-122 (heap-based buffer overflow). If successful, the attacker could alter program execution, influence data integrity, or destabilize the application.

Affected Systems

Systems running GNU LibreDWG version 0.14 or earlier are affected. The vulnerability resides in the source file src/decode.c, specifically the function decompress_R2004_section. Users of the LibreDWG Dwgread Utility who are not on release 0.15 or later are vulnerable.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate impact combined with limited attack scope. EPSS is not available, and the issue is not present in CISA’s KEV catalog. The attack must be carried out locally, and exploitation code is publicly available, which raises the risk for environments that allow local attackers to run the utility. While the severity is low, the local nature of the exploit means that compromised machines could be abused to destabilize the application or corrupt data.

Generated by OpenCVE AI on May 25, 2026 at 23:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LibreDWG to version 0.15 or later where the decompression routine has been fixed.
  • If an upgrade is not yet possible, apply the patch from the commit e501cb9926c1e9a07a0d1cc997f3e69e9be801c9 which corrects the buffer bounds in decompress_R2004_section.
  • Restrict local execution of the Dwgread Utility to trusted users or run the application in a sandboxed environment until an update is applied.

Advisories

No advisories yet.

History

Tue, 26 May 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 25 May 2026 21:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.
Title | | GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow
First Time appeared | | Gnu; Gnu libredwg
Weaknesses | | CWE-119; CWE-122
CPEs | | cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*
Vendors & Products | | Gnu; Gnu libredwg
References | |
Metrics | | cvssV2_0: {'score': 4.3, 'vector': 'AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C'}
Metrics | | cvssV3_0: {'score': 5.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
Metrics | | cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C'}
Metrics | | cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T12:37:08.356Z

Reserved: 2026-05-25T10:03:54.408Z

Link: CVE-2026-9502

Vulnrichment

Updated: 2026-05-26T12:36:59.270Z

NVD

Status: Received

Published: 2026-05-25T21:16:35.997

Modified: 2026-05-25T21:16:35.997

Link: CVE-2026-9502

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T00:00:13Z

Weaknesses