Local Null Dereference in LibreDWG<0.14 match_BLOCK_HEADER (Dwggrep)
CVE-2026-9529 Published on May 26, 2026
GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER null pointer dereference
A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach. The exploit has been released to the public and may be used for attacks.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.
Products Associated with CVE-2026-9529
Want to know whenever a new CVE is published for GNU Libredwg? stack.watch will email you.
Affected Versions
GNU LibreDWG:- Version 0.1 is affected.
- Version 0.2 is affected.
- Version 0.3 is affected.
- Version 0.4 is affected.
- Version 0.5 is affected.
- Version 0.6 is affected.
- Version 0.7 is affected.
- Version 0.8 is affected.
- Version 0.9 is affected.
- Version 0.10 is affected.
- Version 0.11 is affected.
- Version 0.12 is affected.
- Version 0.13 is affected.
- Version 0.14 is affected.