CVE-2026-9502— GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow
Possible ATT&CK Techniques 1AI
T1203 · Exploitation for Client ExecutionGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9502
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
堆缓冲区溢出
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-9502
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9502
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-9502 (1)
Proof of Concept for CVE-2026-9502 (1)
Vendor Pages for CVE-2026-9502 (1)
Other References for CVE-2026-9502 (1)
Same Patch Batch · GNU · 2026-05-25 · 5 CVEs total
| CVE-2026-9500 | 5.3 MEDIUM | GNU LibreDWG Dwgread Utility decode.c read_2004_compressed_section heap-based overflow |
| CVE-2026-9501 | 3.3 LOW | GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section assertion |
| CVE-2026-9503 | 3.3 LOW | GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference |
| CVE-2026-9504 | 3.3 LOW | GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds |
IV. Related Vulnerabilities
Same product: LibreDWG
- CVE-2026-9605
GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based ov - CVE-2026-9530
GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_se - CVE-2026-9529
GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER nu - CVE-2026-9504
GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of - CVE-2026-9503
GNU LibreDWG DWG File decode.c dwg_next_entity null pointer
Same vendor: GNU
- CVE-2026-9605
GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based ov - CVE-2026-9530
GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_se - CVE-2026-9529
GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER nu - CVE-2026-9504
GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of - CVE-2026-9503
GNU LibreDWG DWG File decode.c dwg_next_entity null pointer
Same weakness: CWE-122
- CVE-2026-9605
GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based ov - CVE-2026-44983
smallbitvec: Safe API Triggered Heap Buffer Overflow via Int - CVE-2026-8834
IBM HTTP Server is affected by multiple vulnerabilities - CVE-2026-40033
FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rec - CVE-2026-48135
HTTP service can incorrectly process malformed HTTP requests
V. Comments for CVE-2026-9502
No comments yet