CVE-2026-9605
Heap-based Buffer Overflow in GNU LibreDWG
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | libredwg | up to and including 0.13.4.8160 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap-based buffer overflow in the GNU libredwg library, specifically in the bit_read_RC function of the Dwgbmp Utility component. It is triggered when processing malformed DWG files and causes an out-of-bounds heap read or write during the decompression of R2004 compressed sections. The flaw can be exploited remotely, and a public exploit is available.
The root cause is insufficient boundary checking during decompression, which lets the program read or write beyond the allocated buffer, potentially leading to crashes or arbitrary code execution.
How can this vulnerability impact me?
Exploitation of this vulnerability leads to a heap-based buffer overflow, which may crash the affected application or allow an attacker to execute arbitrary code remotely without any user interaction or privileges.
This can result in unauthorized access, data corruption, or denial of service, affecting the confidentiality, integrity, and availability of systems that use the vulnerable GNU libredwg library.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the affected GNU libredwg component with specially crafted malformed DWG files that trigger the heap-based buffer overflow in the bit_read_RC function. Fuzzing tools and AddressSanitizer were used to identify the issue by processing malformed input files such as a proof-of-concept DWG file.
A practical detection approach is to run the dwgbmp utility from libredwg on a known malformed DWG file (such as the provided proof-of-concept file) and monitor for crashes or abnormal behavior indicating a heap overflow.
Example command to test the vulnerability (assuming you have a malformed DWG file named poc.dwg):

```
LD_PRELOAD=libasan.so ./dwgbmp poc.dwg
```

This command runs dwgbmp with AddressSanitizer enabled (libasan.so) to detect heap buffer overflows during decompression.
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation is to apply the official patch provided by the LibreDWG project, identified by commit 8f03865f37f5d4ffd616fef802acc980be54d300.
This patch fixes the decompression overflow by adding boundary checks that prevent integer overflow and buffer overflows during DWG file decompression.
If patching is not immediately possible, avoid processing untrusted or malformed DWG files with vulnerable versions of libredwg to reduce the risk of exploitation.
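The root-cause answer above (an RC read driven past the buffer by lengths taken from a malformed section) and the mitigation answer (the fix adds boundary checks) describe the same pattern from two sides. The following C program is an added, constructed illustration of that pattern and is not libredwg's code: the type `BitChain`, the functions `rc_read_unchecked`, `rc_read_checked`, `expand_section` and `run_sample`, and the sample bytes are all this example's own assumptions, chosen to mirror what a DWG "RC" (raw char, 8-bit) read does, not copied from the library. It shows an unchecked read beside a checked one, and a section expander that stops with an error when the header's claimed length would run past either the input (heap over-read) or the output (heap over-write). One caveat on the detection answer: AddressSanitizer reports such reads only when the binary itself was compiled with `-fsanitize=address`; instrumentation is added at compile time, not by loading the runtime library.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bit-stream reader (names are this example's own). */
typedef struct {
    const unsigned char *chain; /* backing buffer */
    size_t size;                /* number of bytes in chain */
    size_t byte;                /* current byte offset */
    unsigned bit;               /* current bit within the byte, 0..7 */
} BitChain;

/* Unchecked variant: trusts that the current byte (and the next one when
 * bit != 0) lies inside chain.  When the position is driven by lengths
 * from an untrusted section header this is the CWE-119 pattern.  Kept for
 * contrast only; nothing below calls it without a prior bounds check. */
static unsigned char rc_read_unchecked(BitChain *dat)
{
    unsigned char cur = dat->chain[dat->byte];
    unsigned char res = cur;
    if (dat->bit) {
        unsigned char next = dat->chain[dat->byte + 1];
        res = (unsigned char)((cur << dat->bit) | (next >> (8 - dat->bit)));
    }
    dat->byte++;
    return res;
}

/* Checked variant: returns false and leaves *out untouched instead of
 * touching memory outside chain. */
static bool rc_read_checked(BitChain *dat, unsigned char *out)
{
    size_t need = dat->bit ? 2 : 1;
    if (dat->byte >= dat->size || dat->size - dat->byte < need)
        return false;
    *out = rc_read_unchecked(dat); /* safe: bounds established above */
    return true;
}

/* Expands one "section": claimed_len comes from the (untrusted) header
 * and drives how many RC reads are attempted.  Returns the number of
 * bytes produced, or -1 when the input is exhausted or the output
 * buffer would overflow. */
static long expand_section(const unsigned char *in, size_t in_len,
                           unsigned start_bit, size_t claimed_len,
                           unsigned char *out, size_t out_cap)
{
    BitChain dat = { in, in_len, 0, start_bit & 7u };
    for (size_t i = 0; i < claimed_len; i++) {
        if (i >= out_cap)
            return -1;                    /* would write past out */
        if (!rc_read_checked(&dat, &out[i]))
            return -1;                    /* would read past in */
    }
    return (long)claimed_len;
}

/* Constructed sample input: four payload bytes. */
static const unsigned char SAMPLE[] = { 0x41, 0x42, 0x43, 0x44 };
static unsigned char sample_out[8];

/* Runs expand_section on SAMPLE; out_cap must be <= sizeof sample_out. */
static long run_sample(unsigned start_bit, size_t claimed_len, size_t out_cap)
{
    if (out_cap > sizeof sample_out)
        out_cap = sizeof sample_out;
    return expand_section(SAMPLE, sizeof SAMPLE, start_bit, claimed_len,
                          sample_out, out_cap);
}

int main(void)
{
    printf("header claims 4 of 4 bytes: %ld\n", run_sample(0, 4, 8));
    printf("header claims 16 of 4 bytes: %ld\n", run_sample(0, 16, 8));
    printf("4 bytes into a 2-byte output: %ld\n", run_sample(0, 4, 2));
    return 0;
}
```

The well-formed case yields 4; the two malformed cases return -1 before any out-of-bounds access happens, which is the behaviour a boundary check in the decompressor gives the caller instead of a heap read or write past the buffer.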