Heap-based Buffer Overflow in GNU LibreDWG's Dwgread Utility
CVE-2026-9500

4.8MEDIUM

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 25 May 2026

Badges

👾 Exploit Exists

What is CVE-2026-9500?

A heap-based buffer overflow vulnerability exists in the GNU LibreDWG's Dwgread Utility, specifically within the read_2004_compressed_section function in src/decode.c. This flaw allows local attackers to exploit the system by manipulating the input data, potentially leading to unauthorized access or control over the affected application. The vulnerability has been publicly disclosed, and while the project was alerted early through issue reporting, no response has been issued to address the issue.

Affected Version(s)

LibreDWG 0.1

LibreDWG 0.2

LibreDWG 0.3

References

https://vuldb.com/vuln/365482

vdb-entrytechnical-description

https://vuldb.com/vuln/365482/cti

signaturepermissions-required

https://vuldb.com/submit/814248

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 25, 2026
👾
Exploit known to exist
May 25, 2026
Vulnerability published
May 25, 2026
Vulnerability Reserved
May 25, 2026

Credit

pwn3rd (VulDB User)

VulDB CNA Team

CVE-2026-9500 Data

JSON

Gnu