CVE-2026-15182
Received Received - Intake

Heap-based Buffer Overflow in GNU LibreDWG

Vulnerability report for CVE-2026-15182, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: VulDB

Description

A vulnerability has been found in GNU LibreDWG up to 0.13.4. The affected element is the function dwg_bmp of the file src/dwg.c of the component BMP Image Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.14 is sufficient to fix this issue. The name of the patch is 18fd542bb4d5ccedf9de12052bf50068b2b26f06. It is suggested to upgrade the affected component.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
gnu libredwg 0.14
gnu libredwg to 0.13.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a heap-based buffer overflow found in the GNU LibreDWG library up to version 0.13.4. It specifically affects the function dwg_bmp in the BMP Image Handler component. The issue arises from improper bounds checking and handling of data sizes when processing DWG file thumbnails, which can lead to memory corruption. The vulnerability requires local access to exploit and has been publicly disclosed.

The root cause involves incorrect overflow checks and unsigned integer underflow in the dwg_bmp function, allowing an attacker to manipulate the processing of BMP image data in DWG files, potentially causing out-of-bounds memory reads or writes.

Upgrading to LibreDWG version 0.14, which includes patches fixing these boundary checks, mitigates the vulnerability.

Impact Analysis

This vulnerability can lead to heap-based buffer overflow when processing malformed DWG files locally using the affected LibreDWG library. Such an overflow can cause program crashes or potentially allow an attacker to execute arbitrary code or corrupt memory.

Since the attack requires local access, the impact is limited to users who can run or process DWG files with the vulnerable software. Exploitation could result in denial of service or compromise of the affected system's stability and security.

Upgrading to version 0.14 of LibreDWG resolves this issue and prevents these impacts.

Detection Guidance

This vulnerability is a heap-based buffer overflow in the dwg_bmp function of the LibreDWG library's BMP Image Handler and must be exploited locally by processing a malformed DWG file.

Detection involves identifying attempts to process malformed DWG files with vulnerable versions of LibreDWG (up to 0.13.4).

Fuzzing tools like AFL++ combined with AddressSanitizer have been used to detect this vulnerability by triggering heap-buffer-overflow crashes during BMP image data writing.

To detect exploitation attempts or test your system, you can run the vulnerable dwgbmp tool with crafted DWG files that trigger the overflow, monitoring for crashes or abnormal behavior.

Example command to test the vulnerable tool (assuming you have a crafted malicious DWG file named exploit.dwg):

  • dwgbmp exploit.dwg

Additionally, running the vulnerable LibreDWG library or tools compiled with AddressSanitizer can help detect out-of-bounds memory accesses during processing.

Mitigation Strategies

The primary and recommended mitigation is to upgrade LibreDWG to version 0.14 or later, as this version includes the patch that fixes the heap-based buffer overflow in the dwg_bmp function.

The patch (commit 18fd542bb4d5ccedf9de12052bf50068b2b26f06) corrects multiple incorrect overflow checks and boundary conditions to prevent buffer overflows and underflows.

Until upgrading, avoid processing untrusted or malformed DWG files locally with vulnerable versions of LibreDWG to reduce risk.

If upgrading immediately is not possible, consider running LibreDWG tools in a restricted environment or sandbox to limit potential damage from exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15182. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart