Nullptr Deref in LibreDWG DWG Handler (0.13.4) Local Exploit
CVE-2026-15184 Published on July 9, 2026
GNU LibreDWG DWG File dwg.c dwg_next_entity null pointer dereference
A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument next_obj results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used. Upgrading to version 0.14 is sufficient to resolve this issue. The patch is named dde45dac3c4d902e4d8fed150a8017b9732019c9. Upgrading the affected component is recommended. Different than CVE-2026-9503.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.
Products Associated with CVE-2026-15184
Want to know whenever a new CVE is published for GNU Libredwg? stack.watch will email you.
Affected Versions
GNU LibreDWG:- Version 0.13.0 is affected.
- Version 0.13.1 is affected.
- Version 0.13.2 is affected.
- Version 0.13.3 is affected.
- Version 0.13.4 is affected.
- Version 0.14 is unaffected.