CVE-2026-9605
Deferred Deferred - Pending Action
Heap-based Buffer Overflow in GNU LibreDWG

Publication date: 2026-05-27

Last updated on: 2026-05-28

Assigner: VulDB

Description
A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 8f03865f37f5d4ffd616fef802acc980be54d300. Applying a patch is the recommended action to fix this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-28
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-9605
EUVD
EUVD-2026-32023
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnu libredwg to 0.13.4.8160 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a heap-based buffer overflow found in the GNU libredwg library, specifically in the bit_read_RC function of the Dwgbmp Utility component. It occurs when processing malformed DWG files, causing an out-of-bounds heap read or write during the decompression of R2004 compressed sections. This flaw can be exploited remotely and has an available public exploit.

The root cause is related to insufficient boundary checks during decompression, which allows the program to read or write beyond allocated memory buffers, potentially leading to crashes or arbitrary code execution.

Impact Analysis

Exploitation of this vulnerability can lead to a heap-based buffer overflow, which may cause the affected application to crash or allow an attacker to execute arbitrary code remotely without any user interaction or privileges.

This can result in unauthorized access, data corruption, or denial of service, impacting the confidentiality, integrity, and availability of systems using the vulnerable GNU libredwg library.

Detection Guidance

This vulnerability can be detected by testing the affected GNU libredwg component with specially crafted malformed DWG files that trigger the heap-based buffer overflow in the bit_read_RC function. Fuzzing tools and AddressSanitizer were used to identify the issue by processing malformed input files such as a proof-of-concept DWG file.

A practical detection approach involves running the dwgbmp utility from libredwg with a known malicious or malformed DWG file (like the provided proof-of-concept file) and monitoring for crashes or abnormal behavior indicating a heap overflow.

Example command to test the vulnerability (assuming you have a malicious DWG file named poc.dwg):

  • LD_PRELOAD=libasan.so ./dwgbmp poc.dwg

This command runs dwgbmp with AddressSanitizer enabled (libasan.so) to detect heap buffer overflows during decompression.

Mitigation Strategies

The recommended immediate mitigation step is to apply the official patch provided by the LibreDWG project, identified by commit 8f03865f37f5d4ffd616fef802acc980be54d300.

This patch fixes the decompression overflow by adding boundary checks to prevent integer overflow and buffer overflows during DWG file decompression.

If patching is not immediately possible, avoid processing untrusted or malformed DWG files with the vulnerable versions of libredwg to reduce the risk of exploitation.

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9605. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart