3.3
CVE-2026-9503
- EPSS 0.14%
- Veröffentlicht 25.05.2026 21:00:16
- Zuletzt bearbeitet 26.05.2026 19:54:40
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference
A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 8f03865f37f5d4ffd616fef802acc980be54d300. Upgrading the affected component is advised.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerGNU
≫
Produkt
LibreDWG
Version
0.1
Status
affected
Version
0.2
Status
affected
Version
0.3
Status
affected
Version
0.4
Status
affected
Version
0.5
Status
affected
Version
0.6
Status
affected
Version
0.7
Status
affected
Version
0.8
Status
affected
Version
0.9
Status
affected
Version
0.10
Status
affected
Version
0.11
Status
affected
Version
0.12
Status
affected
Version
0.13
Status
affected
Version
0.14
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.039 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@vuldb.com | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
|
| cna@vuldb.com | 1.9 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| cna@vuldb.com | 1.7 | 3.1 | 2.9 |
AV:L/AC:L/Au:S/C:N/I:N/A:P
|
CWE-404 Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://www.gnu.org/
https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwg
https://vuldb.com/vuln/365485
https://vuldb.com/vuln/365485/cti
https://vuldb.com/submit/814260
https://github.com/LibreDWG/libredwg/issues/1245
https://github.com/LibreDWG/libredwg/commit/8f03865f37f5d4ffd616fef802acc980be54d300