← back
CVE-2026-9605

GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based overflow

CVSS 6.9 MEDIUMEPSS 0.3%CWE-119CWE-122
A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 8f03865f37f5d4ffd616fef802acc980be54d300. Applying a patch is the recommended action to fix this issue.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
GNU · libredwg
public PoCs found1
cve_referencegithub.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwgunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwghttps://github.com/LibreDWG/libredwg/commit/8f03865f37f5d4ffd616fef802acc980be54d300https://github.com/LibreDWG/libredwg/issues/1248https://vuldb.com/submit/818197https://vuldb.com/vuln/365678https://vuldb.com/vuln/365678/ctihttps://www.gnu.org/