CVE-2026-9529
Null Pointer Dereference in GNU LibreDWG
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | libredwg | to 0.14 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL pointer dereference in the GNU LibreDWG library, specifically in the match_BLOCK_HEADER function of the dwggrep utility. When processing a malformed DWG file, the function attempts to access memory at a NULL address, causing the program to crash with a segmentation fault.
The issue arises from handling corrupted or intentionally malformed DWG files, leading to a crash due to a NULL pointer read access. This vulnerability requires local access to exploit and has been publicly disclosed.
How can this vulnerability impact me? :
Exploitation of this vulnerability can cause the affected application or utility to crash unexpectedly due to a NULL pointer dereference. This results in a denial of service condition, potentially disrupting normal operations.
Since the attack requires local access, an attacker with limited privileges could cause the application to terminate, which might affect availability but does not directly lead to data compromise.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing crashes or segmentation faults in the dwggrep tool of the libredwg library when processing malformed DWG files.
Fuzzing tests with intentionally malformed DWG input files can trigger the NULL pointer dereference, causing a segmentation fault (signal 11).
Using debugging tools such as AddressSanitizer during testing can help identify the crash point in the match_BLOCK_HEADER function of dwggrep.c.
A practical detection approach is to run dwggrep on suspicious or untrusted DWG files and monitor for crashes or segmentation faults.
Example command to test a DWG file for the vulnerability: ./dwggrep <malformed_or_untrusted_file.dwg> If the tool crashes with a segmentation fault, it indicates the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable dwggrep tool on untrusted or malformed DWG files to prevent triggering the NULL pointer dereference.
Apply any available patches or updates to the libredwg library that address this vulnerability once they are released.
If patching is not immediately possible, consider restricting local access to systems running the vulnerable version to trusted users only, as the attack requires local access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.