GNU LibreDWG
Moderate fix2 remedies
cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*
Moderate fix2 remedies
- <= 0.14
GNU LibreDWG Null Pointer Dereference Vulnerability in DWG File Handler
Vulnerability
Patched
A null pointer dereference vulnerability has been identified in GNU LibreDWG versions through 0.14. The issue arises in the DWG File Handler component, specifically within the 'dwg_next_entity' function of 'src/decode.c'. This vulnerability allows for a local attack that can lead to a segmentation fault by accessing an invalid memory address. The flaw has been publicly disclosed and exploited.
Impact
Exploitation of this vulnerability causes a segmentation fault due to a null pointer dereference, leading to a crash of the application.
Reproduction
The vulnerability can be reproduced by using the 'dwg2SVG' tool included with LibreDWG. After compiling LibreDWG with AddressSanitizer enabled, a malformed DWG file that triggers the null pointer dereference can be processed with 'dwg2SVG', resulting in a crash.
Remediation
Users are advised to upgrade to the patched version of GNU LibreDWG, which is available in the official repository.
Added: May 26, 2026, 6:20 PM
Updated: May 26, 2026, 6:20 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
0.6exploitability
4.6remediation
7.7relevance
9.6threat
6.4urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.