CVE-2026-9501

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions GNU LibreDWG versions prior to 0.15

Description The decompress R2004 section() function within the src/decode.c file of the Dwgread Utility contains an uncontrolled reachable assertion. This issue allows a local attacker to cause a denial of service through specific manipulation.

Recommendations Apply patch e501cb9926c1e9a07a0d1cc997f3e69e9be801c9 to remediate the issue. As a temporary workaround, restrict the use of the decompress R2004 section() function.

Exploit

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

BDU:2026-07301

CVE-2026-9501

OPENSUSE-SU-2026:10879-1

Affected Products

Libredwg

CVE-2026-9501

Weakness Enumeration

Related Identifiers

Affected Products

References · 14