CVE-2026-9504
Severity CVSS v4.0:
LOW
Type:
CWE-119
Buffer Errors
Publication date:
25/05/2026
Last modified:
26/05/2026
Description
A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue.
Impact
Base Score 4.0
1.90
Severity 4.0
LOW
Base Score 3.x
3.30
Severity 3.x
LOW
Base Score 2.0
1.70
Severity 2.0
LOW
References to Advisories, Solutions, and Tools
- https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_bit_convert_TU.dwg
- https://github.com/LibreDWG/libredwg/commit/be996bf2178a40e98720f18c2414815d244413db
- https://github.com/LibreDWG/libredwg/issues/1246
- https://vuldb.com/submit/814261
- https://vuldb.com/vuln/365486
- https://vuldb.com/vuln/365486/cti
- https://www.gnu.org/
- https://github.com/LibreDWG/libredwg/issues/1246



