Nullptr Deref in LibreDWG DWG Handler (0.13.4) Local Exploit
CVE-2026-15184 Published on July 9, 2026

GNU LibreDWG DWG File dwg.c dwg_next_entity null pointer dereference
A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument next_obj results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used. Upgrading to version 0.14 is sufficient to resolve this issue. The patch is named dde45dac3c4d902e4d8fed150a8017b9732019c9. Upgrading the affected component is recommended. Different than CVE-2026-9503.

NVD

Timeline

Advisory disclosed

VulDB entry created

VulDB entry last update

Weakness Types

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.

Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.


Products Associated with CVE-2026-15184

Want to know whenever a new CVE is published for GNU Libredwg? stack.watch will email you.

 

Affected Versions

GNU LibreDWG: