CVE-2026-9530
Out-of-Bounds Read in GNU LibreDWG
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | libredwg | up to 0.14 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is a heap-buffer-overflow in the GNU LibreDWG library, specifically in the dwgbmp tool's decompression function for R2004 compressed sections. It occurs when processing a malformed DWG file, causing an out-of-bounds read of memory during decompression. The root cause is an incomplete boundary check in the function that reads compressed data, allowing the program to read beyond the allocated buffer size.
The issue arises from a potential integer overflow when calculating offsets during decompression, which can lead to reading memory outside the intended buffer. This vulnerability requires local access to exploit and has been publicly disclosed with a patch available to fix the problem.
How can this vulnerability impact me?
The vulnerability can cause a program crash or unexpected behavior due to out-of-bounds memory reads when processing specially crafted DWG files. Although the impact is limited by requiring local access, an attacker with such access could exploit this flaw to cause denial of service or potentially leverage it as part of a larger attack chain.
Since the vulnerability involves reading memory outside allocated bounds, it might expose sensitive information or destabilize the application, but there is no direct indication of code execution or data corruption from the provided information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the LibreDWG library's dwgbmp tool with specially crafted malformed DWG files that trigger the out-of-bounds heap read during R2004 compressed section decompression.
Detection was originally performed using fuzzing tools combined with AddressSanitizer to identify crashes caused by malformed input files such as 'poc.dwg'.
A practical approach to detection on your system would be to run the vulnerable dwgbmp tool with suspicious or malformed DWG files and monitor for crashes or abnormal behavior.
- Use AddressSanitizer-enabled builds of LibreDWG to run fuzzing tests or manual tests with malformed DWG files.
- Example command to test with AddressSanitizer (assuming a source build): `ASAN_OPTIONS=detect_stack_use_after_return=1 ./dwgbmp malformed_file.dwg`
- Monitor system logs or application output for crashes or heap-buffer-overflow errors.
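The detection approach above (an AddressSanitizer build of dwgbmp run against suspect DWG files) can be scripted so that a whole directory is checked and any sanitizer report is triaged automatically. The following harness is an added example, not code from the advisory or from the LibreDWG project; it assumes `./dwgbmp` is an ASan-instrumented source build, and the sample report, the placeholder function names and the `:NNN:MM` line numbers embedded in it are constructed for illustration only.

```sh
#!/bin/sh
# Added example (not from the advisory or the LibreDWG project): run an
# AddressSanitizer build of dwgbmp over a directory of DWG files and classify
# any sanitizer report it produces, so crashing inputs are flagged with the
# error kind and the top source frame instead of being lost in console noise.
# Assumptions: ./dwgbmp is an ASan-instrumented source build; the sample
# report below is constructed (placeholder addresses, names and line numbers).

# Print the ASan error kind (e.g. heap-buffer-overflow) found in a report read
# from stdin, or "none" when the input contains no sanitizer error line.
asan_error_kind() {
    kind=$(sed -n 's/^==[0-9]*==ERROR: AddressSanitizer: \([a-z-]*\).*/\1/p' | head -n 1)
    if [ -n "$kind" ]; then
        printf '%s\n' "$kind"
    else
        printf 'none\n'
    fi
}

# Print the source location (file:line:col) of the top stack frame (#0) of a
# report read from stdin; prints nothing if no such frame line is present.
asan_top_frame() {
    sed -n 's/^ *#0 .* in [^ ]* \(.*\)$/\1/p' | head -n 1
}

# Run ./dwgbmp on every .dwg file in a directory and print one FLAGGED line per
# file that triggers a sanitizer error. Returns non-zero if anything was flagged.
scan_dwg_dir() {
    dir=$1
    flagged=0
    for f in "$dir"/*.dwg; do
        [ -e "$f" ] || continue
        # Capture only stderr (where ASan writes); dwgbmp's own stdout is dropped.
        # detect_leaks=0 keeps LeakSanitizer output out of the triage.
        out=$(ASAN_OPTIONS=detect_leaks=0 ./dwgbmp "$f" 2>&1 >/dev/null)
        kind=$(printf '%s\n' "$out" | asan_error_kind)
        if [ "$kind" != "none" ]; then
            frame=$(printf '%s\n' "$out" | asan_top_frame)
            printf 'FLAGGED %s: %s at %s\n' "$f" "$kind" "$frame"
            flagged=$((flagged + 1))
        fi
    done
    printf 'files flagged: %s\n' "$flagged"
    [ "$flagged" -eq 0 ]
}

# Constructed sample of the shape of an ASan report from a malformed input.
# Addresses, function names and NNN:MM line numbers are placeholders.
SAMPLE_REPORT='==12345==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000014 at pc 0x0000004f1a2b bp 0x7ffd00001234 sp 0x7ffd00001220
READ of size 1 at 0x602000000014 thread T0
    #0 0x4f1a2a in decompress_placeholder /build/libredwg/src/decode.c:NNN:MM
    #1 0x4f2b3c in read_section_placeholder /build/libredwg/src/decode.c:NNN:MM
    #2 0x401234 in main /build/libredwg/programs/dwgbmp.c:NNN:MM'

# Stand-alone demo over the constructed sample; to scan real files use:
#   scan_dwg_dir ./samples
printf 'sample report: %s at %s\n' \
    "$(printf '%s\n' "$SAMPLE_REPORT" | asan_error_kind)" \
    "$(printf '%s\n' "$SAMPLE_REPORT" | asan_top_frame)"
```

The two parsing functions only look at the `==PID==ERROR: AddressSanitizer:` line and the `#0` frame line, which is enough to tell a heap-buffer-overflow in decode.c apart from an unrelated crash or a clean run; the `FLAGGED` lines can be fed straight into a ticket or a corpus of regression inputs for the patched build.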
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the official patch identified by commit 8f03865f37f5d4ffd616fef802acc980be54d300, which fixes the decompression overflow by adding boundary checks in decode.c.
If patching is not immediately possible, avoid processing untrusted or malformed DWG files with the vulnerable version of LibreDWG to prevent exploitation.
Ensure that only trusted users have local access to systems running the vulnerable dwgbmp tool, as the attack requires local access.
- Update LibreDWG to the latest version containing the patch.
- Restrict local access to the vulnerable tool.
- Avoid opening or processing suspicious DWG files until patched.