LibreDWG Heap Buffer Overflow Vulnerability Allowing Denial-of-Service

Vulnerability

A heap buffer overflow vulnerability has been identified in LibreDWG versions from 0.13.3.7571 up to, but not including, 0.13.3.7835. A crafted DWG file can trigger a segmentation fault in the application, causing a denial-of-service condition. The defect lies in the 'decompress_R2004_section' function in 'src/decode.c', where improper handling of section data leads to memory corruption and an application crash.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by compiling LibreDWG with the default configuration or with release optimizations enabled. After compiling, the 'dwgread' program can be run on a crafted DWG file that triggers the buffer overflow. The crash can be confirmed with AddressSanitizer, which reports a heap-buffer-overflow error.
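As an added example (not part of this advisory or the LibreDWG project), the following Python helper checks whether a deployed LibreDWG version falls inside the affected range and triages the AddressSanitizer output of a 'dwgread' run for the signature described above. The sample report, its addresses, and its line numbers are constructed; only 'decompress_R2004_section' and 'src/decode.c' come from the advisory.

```python
import re

# Affected range as stated in the advisory: 0.13.3.7571 <= version < 0.13.3.7835
AFFECTED_MIN = (0, 13, 3, 7571)
FIXED_VERSION = (0, 13, 3, 7835)


def parse_version(ver):
    """Turn a four-part LibreDWG version string (e.g. '0.13.3.7600') into a tuple."""
    parts = ver.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {ver!r}")
    return tuple(int(p) for p in parts)


def is_affected(ver):
    """True when the version lies in the vulnerable range from the advisory."""
    return AFFECTED_MIN <= parse_version(ver) < FIXED_VERSION


# Matches the ASan error header and the first stack frame of a sanitizer report.
ASAN_HEADER = re.compile(r"ERROR: AddressSanitizer: ([\w-]+)")
ASAN_FRAME = re.compile(r"^\s*#(\d+)\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+)", re.M)


def triage_asan_report(text):
    """Return (error kind, top frame function, source location) or None if no ASan error."""
    header = ASAN_HEADER.search(text)
    if not header:
        return None
    frames = ASAN_FRAME.findall(text)
    if not frames:
        return (header.group(1), None, None)
    _, func, loc = frames[0]
    return (header.group(1), func, loc)


def matches_advisory(text):
    """True when a report shows a heap-buffer-overflow in decompress_R2004_section."""
    result = triage_asan_report(text)
    return (result is not None and result[0] == "heap-buffer-overflow"
            and result[1] == "decompress_R2004_section")


# Constructed sample report; addresses, frame numbers and line numbers are placeholders.
SAMPLE_REPORT = """\
==12345==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000011
READ of size 1 at 0x602000000011 thread T0
    #0 0x4a1b2b in decompress_R2004_section src/decode.c:1234
    #1 0x401234 in main dwgread.c:0
"""
```

Running 'dwgread' under AddressSanitizer and piping its stderr into 'matches_advisory' lets a defender confirm whether a crash on a given file is this issue rather than an unrelated fault.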

Added: Mar 12, 2026, 7:32 PM
Updated: Mar 12, 2026, 7:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.6
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.