GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds_CVE-2026-9504

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue.

Basic Information

ID CVE-2026-9504

Source VulDB

Published May 25, 2026 at 21:15

Affected Product

Vendor GNU

Product LibreDWG

Version 0.1

Affected Versions GNU LibreDWG 0.1
GNU LibreDWG 0.2
GNU LibreDWG 0.3
GNU LibreDWG 0.4
GNU LibreDWG 0.5
GNU LibreDWG 0.6
GNU LibreDWG 0.7
GNU LibreDWG 0.8
GNU LibreDWG 0.9
GNU LibreDWG 0.10
GNU LibreDWG 0.11
GNU LibreDWG 0.12
GNU LibreDWG 0.13
GNU LibreDWG 0.14

CWE Classification

CWE-125 CWE-119

References

{
    "lastseen": "",
    "description": "A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue.",
    "published": "2026-05-25T21:15:11.611Z",
    "modified": "2026-05-25T21:15:11.611Z",
    "type": "cve",
    "title": "GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/365486\nhttps://vuldb.com/vuln/365486/cti\nhttps://vuldb.com/submit/814261\nhttps://github.com/LibreDWG/libredwg/issues/1246\nhttps://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_bit_convert_TU.dwg\nhttps://github.com/LibreDWG/libredwg/commit/be996bf2178a40e98720f18c2414815d244413db\nhttps://www.gnu.org/",
    "id": "CVE-2026-9504",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "GNU LibreDWG 0.1\nGNU LibreDWG 0.2\nGNU LibreDWG 0.3\nGNU LibreDWG 0.4\nGNU LibreDWG 0.5\nGNU LibreDWG 0.6\nGNU LibreDWG 0.7\nGNU LibreDWG 0.8\nGNU LibreDWG 0.9\nGNU LibreDWG 0.10\nGNU LibreDWG 0.11\nGNU LibreDWG 0.12\nGNU LibreDWG 0.13\nGNU LibreDWG 0.14",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LibreDWG",
    "version": "0.1",
    "vendor": "GNU",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}