Executive Risk Summary
"A heap-based buffer overflow vulnerability has been discovered in GNU libredwg up to version 0.13.4.8160, affecting the Dwgbmp Utility component. This issue can be exploited remotely, allowing an attacker to potentially execute arbitrary code."
Anticipated Attack Path
1. Initial exploitation of the heap-based buffer overflow vulnerability
2. Potential code execution and privilege escalation
3. Lateral movement and further exploitation of the compromised system
Am I Vulnerable?
- Verify the version of GNU libredwg installed on the system
- Check for any suspicious activity or crashes related to the Dwgbmp Utility component
- Apply the recommended patch (upstream commit 8f03865f37f5d4ffd616fef802acc980be54d300) to mitigate the vulnerability
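The version check from the list above as a runnable script. This is an added example, not a script from the advisory or from the libredwg project: it compares an installed version against the stated ceiling 0.13.4.8160 using version-aware sorting. It assumes GNU `sort -V` is available, and the `pkg-config --modversion libredwg` and `dwgbmp --version` probes are assumptions about how the installed version is exposed.

```shell
#!/bin/sh
# Added example (not part of the advisory): flag a libredwg install whose
# version is within the affected range "up to 0.13.4.8160".
# Assumptions: GNU 'sort -V'; version exposed via pkg-config or 'dwgbmp --version'.

AFFECTED_MAX="0.13.4.8160"

# version_le A B: succeed if A orders at or before B under version-aware sorting
version_le() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# libredwg_affected VERSION: succeed if VERSION <= AFFECTED_MAX (inclusive, as "up to" states)
libredwg_affected() {
    version_le "$1" "$AFFECTED_MAX"
}

# detect_libredwg_version: print the installed version, or an empty line if unknown
detect_libredwg_version() {
    v=""
    if command -v pkg-config >/dev/null 2>&1; then
        v=$(pkg-config --modversion libredwg 2>/dev/null || true)
    fi
    if [ -z "$v" ] && command -v dwgbmp >/dev/null 2>&1; then
        # assumption: the banner contains a dotted version token; take the first one
        v=$(dwgbmp --version 2>/dev/null | grep -o '[0-9][0-9.]*[0-9]' | head -n 1 || true)
    fi
    printf '%s\n' "$v"
}

installed=$(detect_libredwg_version)
if [ -z "$installed" ]; then
    echo "libredwg version not detected; verify manually against $AFFECTED_MAX"
elif libredwg_affected "$installed"; then
    echo "libredwg $installed is within the affected range (<= $AFFECTED_MAX): patch required"
else
    echo "libredwg $installed is newer than $AFFECTED_MAX"
fi
```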
Operational Audit Arsenal
Target Type: library
Target Asset: libredwg
Standard Path: /usr/lib/libredwg.so
Manual Verification Required
This is a non-Windows asset (GNU). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.
Patch Impact Forecast
Reboot Required: Unlikely
Impact is minimal, as the patch only updates the libredwg library.
Internal Work Notes
Apply patch 8f03865f37f5d4ffd616fef802acc980be54d300 to GNU libredwg to mitigate heap-based buffer overflow vulnerability in Dwgbmp Utility component.
Intelligence Sources
- Official Advisory: https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwg
- Official Advisory: https://github.com/LibreDWG/libredwg/commit/8f03865f37f5d4ffd616fef802acc980be54d300
- Official Advisory: https://github.com/LibreDWG/libredwg/issues/1248
- Official Advisory: https://vuldb.com/submit/818197
- Official Advisory: https://vuldb.com/vuln/365678
- Official Advisory: https://vuldb.com/vuln/365678/cti
- Official Advisory: https://www.gnu.org/
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.