CVE-2026-9504— GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds
Possible ATT&CK Techniques 1AI
T1203 · Exploitation for Client ExecutionGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9504
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds
Source: NVD (National Vulnerability Database)
Vulnerability Description
A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-9504
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9504
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-9504 (1)
Exploits & Public PoCs for CVE-2026-9504 (1)
Proof of Concept for CVE-2026-9504 (1)
Vendor Pages for CVE-2026-9504 (1)
Same Patch Batch · GNU · 2026-05-25 · 5 CVEs total
| CVE-2026-9500 | 5.3 MEDIUM | GNU LibreDWG Dwgread Utility decode.c read_2004_compressed_section heap-based overflow |
| CVE-2026-9502 | 5.3 MEDIUM | GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow |
| CVE-2026-9501 | 3.3 LOW | GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section assertion |
| CVE-2026-9503 | 3.3 LOW | GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference |
IV. Related Vulnerabilities
Same product: LibreDWG
- CVE-2026-9605
GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based ov - CVE-2026-9530
GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_se - CVE-2026-9529
GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER nu - CVE-2026-9503
GNU LibreDWG DWG File decode.c dwg_next_entity null pointer - CVE-2026-9502
GNU LibreDWG Dwgread Utility decode.c decompress_R2004_secti
Same vendor: GNU
- CVE-2026-9605
GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based ov - CVE-2026-9530
GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_se - CVE-2026-9529
GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER nu - CVE-2026-9503
GNU LibreDWG DWG File decode.c dwg_next_entity null pointer - CVE-2026-9502
GNU LibreDWG Dwgread Utility decode.c decompress_R2004_secti
Same weakness: CWE-125
- CVE-2026-24196
Linux显示驱动存在越界读取漏洞 - CVE-2026-48132
VPN service may restart unexpectedly when processing IKE tra - CVE-2026-9530
GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_se - CVE-2026-41071
libheif: Heap buffer over-read in SampleAuxInfoReader via cr - CVE-2026-41069
libheif allows Out-of-bounds vector access leading to invali
V. Comments for CVE-2026-9504
No comments yet