CVE-2026-9503

CVE Database · CVE-2026-9503

CVE-2026-9503

· LOWDeferred

CVSS v3.1

3.3

CVSS v4.0

1.9

EPSS

0.14%

Published

May 25, 2026

Modified

May 26, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 8f03865f37f5d4ffd616fef802acc980be54d300. Upgrading the affected component is advised.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Weaknesses (CWE)

CWE-404CWE-476

References (7)

https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwg

https://github.com/LibreDWG/libredwg/commit/8f03865f37f5d4ffd616fef802acc980be54d300

https://github.com/LibreDWG/libredwg/issues/1245

https://vuldb.com/submit/814260

https://vuldb.com/vuln/365485

https://vuldb.com/vuln/365485/cti

https://www.gnu.org/

KEV Catalog EPSS Scores Vendors All CVEs