PT-2026-43130 · Gnu · Libredwg

Pwn3Rd

·

Published

2026-04-22

·

Updated

2026-05-25

·

CVE-2026-9502

CVSS v3.1

5.3

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions GNU LibreDWG versions prior to 0.15
Description A heap-based buffer overflow exists in the Dwgread Utility component within the decompress R2004 section() function of the src/decode.c file. This issue occurs during the processing of DWG format files and can be exploited locally to cause a denial of service, which is a condition where the software becomes unavailable or crashes.
Recommendations Deploy the patch with identifier e501cb9926c1e9a07a0d1cc997f3e69e9be801c9 for versions prior to 0.15.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07299
CVE-2026-9502

Affected Products

Libredwg