PT-2026-43130 · Gnu · Libredwg
Pwn3Rd
·
Published
2026-04-22
·
Updated
2026-05-25
·
CVE-2026-9502
CVSS v3.1
5.3
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
GNU LibreDWG versions prior to 0.15
Description
A heap-based buffer overflow exists in the Dwgread Utility component within the
decompress R2004 section() function of the src/decode.c file. This issue occurs during the processing of DWG format files and can be exploited locally to cause a denial of service, which is a condition where the software becomes unavailable or crashes.Recommendations
Deploy the patch with identifier e501cb9926c1e9a07a0d1cc997f3e69e9be801c9 for versions prior to 0.15.
Exploit
Fix
Buffer Overflow
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Libredwg