Out-of-Bounds Read Vulnerability in GNU LibreDWG Dwggrep Utility
CVE-2026-9504

4.8MEDIUM

Key Information:

Vendor: Gnu
Status: Libredwg
Vendor: CVE Published:; 25 May 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-9504?

A vulnerability has been found in the GNU LibreDWG's Dwggrep Utility within the function bit_convert_TU. This flaw causes an out-of-bounds read condition, which can potentially lead to local attacks. The exploit has been made publicly available, thus reinforcing the need for immediate action. The recommended solution is to apply the provided patch (be996bf2178a40e98720f18c2414815d244413db) to mitigate this risk and ensure system integrity.

Affected Version(s)

LibreDWG 0.1

LibreDWG 0.2

LibreDWG 0.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-9504 - Proof of Concept

References

https://vuldb.com/vuln/365486

vdb-entrytechnical-description

https://vuldb.com/vuln/365486/cti

signaturepermissions-required

https://vuldb.com/submit/814261

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 25, 2026
👾
Exploit known to exist
May 25, 2026
Vulnerability published
May 25, 2026
Vulnerability Reserved
May 25, 2026

Credit

pwn3rd (VulDB User)

CVE-2026-9504 Data

JSON

Gnu

Badges

What is CVE-2026-9504?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit