Heap Buffer Overflow in GNU libredwg 0.13.4.8160 (Dwgbmp Utility)
CVE-2026-9605 Published on May 26, 2026
GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based overflow
A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 8f03865f37f5d4ffd616fef802acc980be54d300. Applying a patch is the recommended action to fix this issue.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update
Weakness Types
Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
What is a Buffer Overflow Vulnerability?
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
CVE-2026-9605 has been classified to as a Buffer Overflow vulnerability or weakness.
Products Associated with CVE-2026-9605
Want to know whenever a new CVE is published for GNU Libredwg? stack.watch will email you.
