LibreDWG<=0.14: heap-based buffer overflow in read_2004_compressed_section
CVE-2026-9500 Published on May 25, 2026
GNU LibreDWG Dwgread Utility decode.c read_2004_compressed_section heap-based overflow
A vulnerability was found in GNU LibreDWG up to 0.14. The affected element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgread Utility. Performing a manipulation results in heap-based buffer overflow. The attack is only possible with local access. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
What is a Buffer Overflow Vulnerability?
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CVE-2026-9500 has been classified to as a Buffer Overflow vulnerability or weakness.
Products Associated with CVE-2026-9500
Want to know whenever a new CVE is published for GNU Libredwg? stack.watch will email you.
Affected Versions
GNU LibreDWG:- Version 0.1 is affected.
- Version 0.2 is affected.
- Version 0.3 is affected.
- Version 0.4 is affected.
- Version 0.5 is affected.
- Version 0.6 is affected.
- Version 0.7 is affected.
- Version 0.8 is affected.
- Version 0.9 is affected.
- Version 0.10 is affected.
- Version 0.11 is affected.
- Version 0.12 is affected.
- Version 0.13 is affected.
- Version 0.14 is affected.