CVE-2026-9530
Deferred - Pending Action
Out-of-Bounds Read in GNU LibreDWG

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: VulDB

Description
A weakness has been identified in GNU LibreDWG up to and including version 0.14. The affected code is the function read_2004_compressed_section in src/decode.c, reached through the dwgbmp utility. Processing a crafted DWG file leads to an out-of-bounds read. The attack requires local access, which for a file-format bug means the crafted file has to be handed to the tool. A public exploit exists and could be used in attacks. The fix is commit 8f03865f37f5d4ffd616fef802acc980be54d300; applying it is advised.
Meta Information
Generated: 2026-06-15
EPSS evaluated: 2026-06-14
Affected Vendors & Products
Vendor   Product    Version / Range
gnu      libredwg   up to 0.14 (inclusive)
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Compliance Impact

The available information does not address the impact of this vulnerability on compliance regimes such as GDPR or HIPAA.

Executive Summary

This vulnerability is a heap buffer over-read in the GNU LibreDWG library, reached through the dwgbmp tool's handling of R2004 compressed sections (read_2004_compressed_section in src/decode.c). A malformed DWG file makes the decoder read beyond the end of the allocated buffer while decompressing a section. The root cause is an incomplete boundary check in the code that reads compressed data.

The check is bypassed through a potential integer overflow when offsets are calculated during decompression, so the computed read position can land outside the intended buffer even though a check is present; the fix therefore has to validate lengths and offsets against the bytes actually remaining, not against the result of the arithmetic. Exploitation requires local access (a crafted file processed by the tool); the issue has been publicly disclosed and a patch is available.
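The boundary-check failure described above, as an added illustration in C that is not LibreDWG's code (the real read_2004_compressed_section is far larger and its section encoding differs): a literal-copy step of the kind an LZ-style section decompressor performs, first with the incomplete check the summary describes, then hardened. The 4-byte little-endian length field, the function names and the constructed inputs are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, NOT LibreDWG's code. A compressed section is modelled
 * here as a 4-byte little-endian literal length followed by that many bytes
 * (encoding assumed for the example). */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: only the destination is bounds-checked. The length
 * comes from the file, so a header that claims more bytes than the input
 * holds makes memcpy read past the end of `in` (CWE-125). When `in` is a
 * heap allocation, ASan reports this as heap-buffer-overflow READ.
 * Returns bytes copied, or -1 on the checks it does have. */
long long copy_literal_run_vulnerable(const uint8_t *in, size_t in_len,
                                      uint8_t *out, size_t out_cap)
{
    if (in_len < 4)
        return -1;
    uint32_t len = le32(in);
    if (len > out_cap)                 /* output side is checked ... */
        return -1;
    memcpy(out, in + 4, len);          /* ... the input side is not */
    return (long long)len;
}

/* Hardened: also check the input side, as a comparison of the claimed
 * length against the bytes actually remaining. Written as `len > remaining`
 * rather than `in + 4 + len > in + in_len`: forming a pointer beyond the end
 * of the buffer is undefined behaviour, so the compiler may drop such a
 * check, and on 32-bit targets the addition can simply wrap. That is how an
 * "incomplete" bounds check and an offset overflow turn out to be one bug. */
long long copy_literal_run_hardened(const uint8_t *in, size_t in_len,
                                    uint8_t *out, size_t out_cap)
{
    if (in_len < 4)
        return -1;
    uint32_t len = le32(in);
    size_t remaining = in_len - 4;     /* safe: in_len >= 4 here */
    if (len > remaining)               /* truncated or crafted section */
        return -1;
    if (len > out_cap)
        return -1;
    memcpy(out, in + 4, len);
    return (long long)len;
}

/* Constructed inputs (not taken from any real DWG file). */
static const uint8_t kValid[]     = { 0x03, 0x00, 0x00, 0x00, 'x', 'y', 'z' };
static const uint8_t kTruncated[] = { 0x05, 0x00, 0x00, 0x00, 'A', 'B' }; /* claims 5, holds 2 */

/* Wrappers returning the outcome for each constructed case. */
long long demo_hardened_valid(void)
{
    uint8_t out[16];
    long long n = copy_literal_run_hardened(kValid, sizeof kValid, out, sizeof out);
    return (n == 3 && memcmp(out, "xyz", 3) == 0) ? n : -2;
}

long long demo_hardened_truncated(void)
{
    uint8_t out[16];
    return copy_literal_run_hardened(kTruncated, sizeof kTruncated, out, sizeof out);
}

long long demo_hardened_small_output(void)
{
    uint8_t out[2];
    return copy_literal_run_hardened(kValid, sizeof kValid, out, sizeof out);
}

long long demo_vulnerable_valid(void)
{
    uint8_t out[16];
    return copy_literal_run_vulnerable(kValid, sizeof kValid, out, sizeof out);
}

int main(void)
{
    printf("hardened, valid input:     %lld\n", demo_hardened_valid());
    printf("hardened, truncated input: %lld\n", demo_hardened_truncated());
    printf("hardened, small output:    %lld\n", demo_hardened_small_output());
    printf("vulnerable, valid input:   %lld\n", demo_vulnerable_valid());
    /* Deliberately not executed: copy_literal_run_vulnerable(kTruncated, ...)
     * would read 3 bytes past kTruncated, exactly the out-of-bounds read an
     * ASan build flags. */
    return 0;
}
```

The hardened form is the shape of check to look for when reviewing the upstream patch: the claimed length (or offset) is compared against the number of bytes that remain in the buffer, with the subtraction done on values already known to be in range, rather than first advancing a pointer or index by the untrusted amount and then comparing the result.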

Impact Analysis

Processing a specially crafted DWG file can crash the program or cause other unexpected behaviour through out-of-bounds memory reads. The attack requires local access in the sense that the victim's tool has to process the attacker's file, so the practical exposure is any workflow that runs dwgbmp over DWG files from untrusted sources; since read_2004_compressed_section lives in the library's src/decode.c, other programs that link libredwg and decode R2004 files reach the same code. An attacker who can get such a file processed can cause a denial of service or use the flaw as one step in a larger attack chain.

Because the read lands outside the allocated bounds, it could disclose memory contents or destabilise the process. Nothing in the available information indicates code execution or memory corruption: the faulting access is a read, not a write.

Detection Guidance

The bug is triggered by feeding dwgbmp a malformed DWG file whose R2004 compressed-section metadata makes the decoder read past its buffer. It was originally found by fuzzing an AddressSanitizer (ASan) build of LibreDWG and catching the resulting heap over-read on a crafted input ('poc.dwg').

Where LibreDWG is built from source, the practical check is to build with ASan, run dwgbmp over suspect or fuzzer-generated DWG files, and look for a sanitizer report that names read_2004_compressed_section. A release build without ASan will at best crash on the same input and may simply misbehave, so a bare crash is a weaker signal than a sanitizer report.

  • Build an ASan-instrumented copy (LibreDWG uses autotools; CFLAGS and LDFLAGS are the standard configure variables):
      ./configure CFLAGS="-g -O1 -fsanitize=address -fno-omit-frame-pointer" LDFLAGS="-fsanitize=address" && make
  • Run the instrumented dwgbmp (built under programs/ in the source tree) on the file under test. ASan reports heap over-reads by default; detect_stack_use_after_return concerns stack objects and has no bearing on this bug, so the options worth setting are the ones that stop the process on the first report:
      ASAN_OPTIONS=halt_on_error=1:abort_on_error=1 ./dwgbmp malformed_file.dwg
  • Treat an "AddressSanitizer: heap-buffer-overflow" report with a READ access and a stack frame in read_2004_compressed_section as a hit, and monitor application output and system logs for such reports or crashes wherever dwgbmp processes files.
Mitigation Strategies

Apply the upstream fix, commit 8f03865f37f5d4ffd616fef802acc980be54d300, which adds boundary checks to the decompression path in src/decode.c, or update to a LibreDWG release that contains it (versions 0.14 and earlier are affected). Verify the update by re-running the crafted input against an ASan build of the patched tree: the heap over-read report should no longer appear.

If patching is not immediately possible:

  • Do not process untrusted or suspicious DWG files with the vulnerable version. The crafted file is the attack vector, so "local access" here means the file has to reach the tool.
  • Restrict which users can run dwgbmp, and which inputs reach it, on systems that still carry the vulnerable version.