CVE-2026-9504 - Vulnerability Details

- GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds

Description

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue.

Published: 2026-05-25

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw exists in the bit_convert_TU function of the dwggrep utility. It allows a local attacker to trigger an out‑of‑bounds read when processing an input DWG file. This can expose arbitrary data from memory, leading to information disclosure. The weakness is classified under CWE‑119 and CWE‑125.

Affected Systems

GNU LibreDWG versions up to 0.14, particularly the dwggrep utility in programs/dwggrep.c. The patch commit be996bf2178a40e98720f18c2414815d244413db addresses the issue and is available in the repository.

Risk and Exploitability

The CVSS score of 4.8 indicates a moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the attack must be launched locally and the exploit is publicly available, the risk is moderate for systems where dwggrep runs under local user accounts. A local attacker with the ability to execute the utility could read sensitive data from memory.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

GNU

LibreDWG

affected

Version	Status	Constraints
`0.1`	affected	—
`0.2`	affected	—
`0.3`	affected	—
`0.4`	affected	—
`0.5`	affected	—
`0.6`	affected	—
`0.7`	affected	—
`0.8`	affected	—
`0.9`	affected	—
`0.10`	affected	—
`0.11`	affected	—
`0.12`	affected	—
`0.13`	affected	—
`0.14`	affected	—

No data.

Vendor Product Confidence Versions

Gnu

Libredwg

95%

Version	Status	Scheme	Platform
`0.1`	affected	generic	—
`0.2`	affected	generic	—
`0.3`	affected	generic	—
`0.4`	affected	generic	—
`0.5`	affected	generic	—
`0.6`	affected	generic	—
`0.7`	affected	generic	—
`0.8`	affected	generic	—
`0.9`	affected	generic	—
`0.10`	affected	generic	—
`0.11`	affected	generic	—
`0.12`	affected	generic	—
`0.13`	affected	generic	—
`0.14`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the patch commit be996bf2178a40e98720f18c2414815d244413db or upgrade to a later LibreDWG release that contains the fix.
If the patch cannot be applied immediately, restrict the use of the dwggrep utility to trusted users and run it in a least‑privilege environment.
Remove or disable the dwggrep utility from systems that do not require it.
Validate or sandbox any DWG files before processing with dwggrep to reduce the risk of a crafted malicious file triggering the out‑of‑bounds read.

Generated by OpenCVE AI on May 25, 2026 at 22:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00012.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_bit_convert_TU.dwg
https://github.com/LibreDWG/libredwg/commit/be996bf2178a40e98720f18c2414815d244413db
https://github.com/LibreDWG/libredwg/issues/1246
https://vuldb.com/submit/814261
https://vuldb.com/vuln/365486
https://vuldb.com/vuln/365486/cti
https://www.gnu.org/

History

Tue, 26 May 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 25 May 2026 21:45:00 +0000

Type	Values Removed	Values Added
Description		A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue.
Title		GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds
First Time appeared		Gnu Gnu libredwg
Weaknesses		CWE-119 CWE-125
CPEs		cpe:2.3:a:gnu:libredwg::::::::
Vendors & Products		Gnu Gnu libredwg
References		https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_bit_convert_TU.dwg https://github.com/LibreDWG/libredwg/commit/be996bf2178a40e98720f18c2414815d244413db https://github.com/LibreDWG/libredwg/issues/1246 https://vuldb.com/submit/814261 https://vuldb.com/vuln/365486 https://vuldb.com/vuln/365486/cti https://www.gnu.org/
Metrics		cvssV2_0 `{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Gnu Libredwg

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-05-25T21:15:11.611Z

Updated: 2026-05-26T15:11:22.474Z

Reserved: 2026-05-25T10:04:28.109Z

Link: CVE-2026-9504

Vulnrichment

Updated: 2026-05-26T15:11:18.488Z

NVD

Status : Received

Published: 2026-05-25T22:16:34.153

Modified: 2026-05-26T16:16:30.530

Link: CVE-2026-9504

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T01:00:11Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object