CVE-2026-15520
Received Received - Intake

Heap-based Buffer Overflow in GNU LibreDWG

Vulnerability report for CVE-2026-15520, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: VulDB

Description

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress_R2004_section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.14.8396 will fix this issue. This patch is called 3d0f9fc2eddbd6579c99af3111c37c98f03475d0. You should upgrade the affected component.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
gnu libredwg 0.13.4-154-g0b573035
gnu libredwg 0.14.8396

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a heap-based buffer overflow found in the decompress_R2004_section function of the LibreDWG library. It occurs when parsing specially crafted DWG R2004 input files, causing an out-of-bounds write in heap memory during the decompression process. The root cause is related to incorrect buffer size management during decompression, where the buffer is reallocated to a smaller size but the code continues to write beyond this smaller buffer, leading to memory corruption.

The vulnerability requires local access to exploit and can be triggered by running the dwg2dxf tool with a malicious DWG file in binary mode. It was discovered through fuzzing and detected by AddressSanitizer. A patch has been released in version 0.14.8396 to fix this issue by correcting the buffer size handling.

Compliance Impact

The provided context and resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

Exploiting this vulnerability can lead to a heap-based buffer overflow, which may cause application crashes or potentially allow an attacker to execute arbitrary code or corrupt memory. Since the attack requires local access, an attacker would need to have some level of access to the system to trigger the vulnerability.

The impact includes possible denial of service due to crashes and potential escalation of privileges or code execution if the overflow is leveraged effectively.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the heap-buffer-overflow condition using the dwg2dxf tool with a specially crafted DWG R2004 input file in binary mode.

A practical detection method involves running the following command on a suspicious or test DWG file to check for crashes or abnormal behavior:

  • dwg2dxf --binary <crafted_input_file.dwg>

Using AddressSanitizer or similar memory error detection tools during this test can help identify the heap-buffer-overflow triggered by malformed input.

Mitigation Strategies

The primary mitigation step is to upgrade the affected LibreDWG component to version 0.14.8396 or later, which contains the patch fixing this vulnerability.

The patch removes the incorrect buffer size reassignment that caused the heap overflow, ensuring safe decompression of R2004 sections.

Since the exploit requires local access, restricting access to the vulnerable tool and avoiding processing untrusted DWG files can also reduce risk until the upgrade is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15520. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart