CVE-2026-9501

EUVD-2026-31737
A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. A patch should be applied to remediate this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulDBCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gnulibredwg
0.1
CNA
gnulibredwg
0.2
CNA
gnulibredwg
0.3
CNA
gnulibredwg
0.4
CNA
gnulibredwg
0.5
CNA
gnulibredwg
0.6
CNA
gnulibredwg
0.7
CNA
gnulibredwg
0.8
CNA
gnulibredwg
0.9
CNA
gnulibredwg
0.10
CNA
gnulibredwg
0.11
CNA
gnulibredwg
0.12
CNA
gnulibredwg
0.13
CNA
gnulibredwg
0.14
CNA