CVE-2026-9503

EUVD-2026-31741
A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 8f03865f37f5d4ffd616fef802acc980be54d300. Upgrading the affected component is advised.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulDBCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gnulibredwg
0.1
CNA
gnulibredwg
0.2
CNA
gnulibredwg
0.3
CNA
gnulibredwg
0.4
CNA
gnulibredwg
0.5
CNA
gnulibredwg
0.6
CNA
gnulibredwg
0.7
CNA
gnulibredwg
0.8
CNA
gnulibredwg
0.9
CNA
gnulibredwg
0.10
CNA
gnulibredwg
0.11
CNA
gnulibredwg
0.12
CNA
gnulibredwg
0.13
CNA
gnulibredwg
0.14
CNA