CVE-2026-9504

EUVD-2026-31745
A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulDBCNA
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gnulibredwg
0.1
CNA
gnulibredwg
0.2
CNA
gnulibredwg
0.3
CNA
gnulibredwg
0.4
CNA
gnulibredwg
0.5
CNA
gnulibredwg
0.6
CNA
gnulibredwg
0.7
CNA
gnulibredwg
0.8
CNA
gnulibredwg
0.9
CNA
gnulibredwg
0.10
CNA
gnulibredwg
0.11
CNA
gnulibredwg
0.12
CNA
gnulibredwg
0.13
CNA
gnulibredwg
0.14
CNA