CVE-2026-9504

Summary

A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue.

Affected Software

VendorProductVersion RangeStatus
GNULibreDWG0.1affected
GNULibreDWG0.2affected
GNULibreDWG0.3affected
GNULibreDWG0.4affected
GNULibreDWG0.5affected
GNULibreDWG0.6affected
GNULibreDWG0.7affected
GNULibreDWG0.8affected
GNULibreDWG0.9affected
GNULibreDWG0.10affected
GNULibreDWG0.11affected
GNULibreDWG0.12affected
GNULibreDWG0.13affected
GNULibreDWG0.14affected

Weaknesses

  • CWE-125: Out-of-Bounds Read
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References