LibreDWG <=0.14 DEP Assertion via decompress_R2004_section Local Only
CVE-2026-9501 Published on May 25, 2026
GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section assertion
A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. A patch should be applied to remediate this issue.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Type
What is an assertion failure Vulnerability?
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CVE-2026-9501 has been classified to as an assertion failure vulnerability or weakness.
Products Associated with CVE-2026-9501
Want to know whenever a new CVE is published for GNU Libredwg? stack.watch will email you.
Affected Versions
GNU LibreDWG:- Version 0.1 is affected.
- Version 0.2 is affected.
- Version 0.3 is affected.
- Version 0.4 is affected.
- Version 0.5 is affected.
- Version 0.6 is affected.
- Version 0.7 is affected.
- Version 0.8 is affected.
- Version 0.9 is affected.
- Version 0.10 is affected.
- Version 0.11 is affected.
- Version 0.12 is affected.
- Version 0.13 is affected.
- Version 0.14 is affected.