CVE-2026-9501
BaseFortify
Publication date: 2026-05-25
Last updated on: 2026-05-25
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | libredwg | up to 0.14 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GNU LibreDWG up to version 0.14, specifically in the decompress_R2004_section function in src/decode.c, part of the Dwgread Utility component. A local attacker can manipulate this function to reach an assertion, potentially causing unexpected behavior or crashes. The vulnerability has been publicly disclosed, and a patch is available to fix the issue.
How can this vulnerability impact me?
The impact of this vulnerability is limited due to its low severity score and the requirement for local access. Exploiting it can cause a reachable assertion, which may lead to application crashes or denial of service. There is no indication of data disclosure or privilege escalation. However, the exploit is publicly known, so unpatched systems remain at risk.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the patch identified as e501cb9926c1e9a07a0d1cc997f3e69e9be801c9 to the GNU LibreDWG software.
Since the attack is restricted to local execution, limiting local access and ensuring that only trusted users have access to the system can also help reduce risk.