CVE-2026-9530
LOWGNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_section out-of-bounds
Title source: cnaDescription
A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8f03865f37f5d4ffd616fef802acc980be54d300. It is advisable to implement a patch to correct this issue.
References (7)
Core 7
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-365549 | GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_section out-of-bounds
https://vuldb.com/vuln/365549
Signature, Permissions Required signature
permissions-required
VDB-365549 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/365549/cti
Third Party Advisory third-party-advisory
Submit #814275 | LibreDWG Project LibreDWG <= 0.14, main branch up to commit 6d6a339 (2026-04-10) Out-of-bounds Read (CWE-125)
https://vuldb.com/submit/814275
Issue Tracking issue-tracking
https://github.com/LibreDWG/libredwg/issues/1248
Exploit exploit
https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwg
Product product
https://www.gnu.org/
Scores
CVSS v3
3.3
EPSS
0.0014
EPSS Percentile
3.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
CWE-125
Status
published
Products (14)
GNU/LibreDWG
0.1
GNU/LibreDWG
0.10
GNU/LibreDWG
0.11
GNU/LibreDWG
0.12
GNU/LibreDWG
0.13
GNU/LibreDWG
0.14
GNU/LibreDWG
0.2
GNU/LibreDWG
0.3
GNU/LibreDWG
0.4
GNU/LibreDWG
0.5
... and 4 more
Published
May 26, 2026
Tracked Since
May 26, 2026