GNU LibreDWG Heap-Based Buffer Overflow Vulnerability in Dwggrep Utility

Vulnerability

A heap-based buffer overflow has been identified in GNU LibreDWG versions through 0.14. The issue is in the dwggrep utility: the 'bit_convert_TU' string-conversion function, as reached from 'programs/dwggrep.c', reads beyond the end of a heap buffer when it converts string data from a crafted DWG file. The overflow is an out-of-bounds read. The attack vector is local: the attacker must get a victim to run 'dwggrep' on a file they supplied. The problem has been publicly disclosed, and a patch is available.

Impact

Processing a crafted file triggers an out-of-bounds heap read in 'bit_convert_TU', which crashes 'dwggrep' (denial of service). Because the over-read happens while converting string data, adjacent heap contents can also be pulled into the converted output; a practitioner should treat the bug as crash plus possible heap disclosure rather than assume a write primitive, since the page documents a read, not a write.

Reproduction

The vulnerability is reproduced by running the 'dwggrep' tool shipped with LibreDWG against a crafted DWG file. The file must contain LTYPE object data whose string content, when passed to 'bit_convert_TU' during dwggrep's search of LTYPE objects, makes the conversion read past the end of its heap buffer. Build LibreDWG with AddressSanitizer ('-fsanitize=address') before reproducing: without it, an over-read of a few bytes can complete silently instead of crashing, and the sanitizer report is what pinpoints the faulting read in 'bit_convert_TU'.
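The following is an added example, not LibreDWG's code, illustrating the bug class behind this advisory. In LibreDWG a "TU" string is a UCS-2LE wide string and 'bit_convert_TU' converts it to UTF-8; the example shows a converter that scans for a 0 terminator (over-reads when a crafted file omits the terminator) beside a converter bounded by the number of code units the caller knows are backed by memory. The function names, the constructed unterminated buffer, and the UTF-8 helper are this example's own and are not taken from LibreDWG.

```c
/* Added example (not LibreDWG code): unbounded vs. bounded UCS-2LE -> UTF-8
 * conversion. Build with -fsanitize=address and run with --unsafe to see the
 * heap-buffer-overflow read that the unbounded converter performs. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Write the UTF-8 encoding of one BMP code unit to out; returns bytes written.
 * Surrogate pairs are not combined; they are not needed for this demo. */
static size_t put_utf8(uint16_t c, char *out)
{
    if (c < 0x80) {
        out[0] = (char)c;
        return 1;
    }
    if (c < 0x800) {
        out[0] = (char)(0xC0 | (c >> 6));
        out[1] = (char)(0x80 | (c & 0x3F));
        return 2;
    }
    out[0] = (char)(0xE0 | (c >> 12));
    out[1] = (char)(0x80 | ((c >> 6) & 0x3F));
    out[2] = (char)(0x80 | (c & 0x3F));
    return 3;
}

/* Vulnerable pattern: trusts that wstr ends in a 0 code unit. The length is
 * found by scanning, so an unterminated string from a crafted file makes the
 * loop read past the allocation (heap-buffer-overflow read under ASan). */
char *convert_tu_unbounded(const uint16_t *wstr)
{
    size_t n = 0;
    while (wstr[n] != 0)
        n++;
    char *out = malloc(3 * n + 1); /* worst case 3 UTF-8 bytes per code unit */
    if (!out)
        return NULL;
    size_t o = 0;
    for (size_t i = 0; i < n; i++)
        o += put_utf8(wstr[i], out + o);
    out[o] = '\0';
    return out;
}

/* Hardened pattern: the caller passes how many code units are actually backed
 * by memory (e.g. allocation size / 2). Conversion stops at 0 or at that bound,
 * whichever comes first, so a missing terminator can no longer over-read. */
char *convert_tu_bounded(const uint16_t *wstr, size_t max_units)
{
    size_t n = 0;
    while (n < max_units && wstr[n] != 0)
        n++;
    char *out = malloc(3 * n + 1);
    if (!out)
        return NULL;
    size_t o = 0;
    for (size_t i = 0; i < n; i++)
        o += put_utf8(wstr[i], out + o);
    out[o] = '\0';
    return out;
}

/* Constructed input: a heap allocation holding exactly 4 code units, "LTYP",
 * and no terminating 0, modelling a string record whose terminator is absent. */
static uint16_t *make_unterminated(size_t *units)
{
    const uint16_t src[] = { 'L', 'T', 'Y', 'P' };
    *units = sizeof src / sizeof src[0];
    uint16_t *buf = malloc(sizeof src);
    if (buf)
        memcpy(buf, src, sizeof src);
    return buf;
}

/* 1 if the bounded converter yields "LTYP" from the unterminated buffer. */
int check_bounded_on_unterminated(void)
{
    size_t units;
    uint16_t *buf = make_unterminated(&units);
    if (!buf)
        return 0;
    char *s = convert_tu_bounded(buf, units);
    int ok = s && strcmp(s, "LTYP") == 0;
    free(s);
    free(buf);
    return ok;
}

/* 1 if a terminated string with non-ASCII code units ("De\u0301" style
 * U+00E9 and U+20AC) converts to the same UTF-8 bytes in both converters. */
int check_terminated_utf8(void)
{
    const uint16_t w[] = { 'D', 0x00E9, 0x20AC, 0 };
    const char expect[] = "D\xC3\xA9\xE2\x82\xAC";
    char *a = convert_tu_unbounded(w);
    char *b = convert_tu_bounded(w, 4);
    int ok = a && b && strcmp(a, expect) == 0 && strcmp(b, expect) == 0;
    free(a);
    free(b);
    return ok;
}

int main(int argc, char **argv)
{
    size_t units;
    uint16_t *buf = make_unterminated(&units);
    if (!buf)
        return 1;
    char *safe = convert_tu_bounded(buf, units);
    printf("bounded: %s\n", safe ? safe : "(null)");
    free(safe);
    if (argc > 1 && strcmp(argv[1], "--unsafe") == 0) {
        char *bad = convert_tu_unbounded(buf); /* over-reads past 8 bytes */
        printf("unbounded: %s\n", bad ? bad : "(null)");
        free(bad);
    }
    free(buf);
    return 0;
}
```

The design point is that the bound must come from the parser's knowledge of the allocation (the string's decoded length or the remaining bytes in the object's data), not from the string content itself; a converter that derives its length by scanning for a terminator has no way to know where the heap block ends.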

Remediation

Users are advised to update to a build of GNU LibreDWG that contains the fix, which is in commit 'be996bf2178a40e98720f18c2414815d244413db'. Until then, do not run 'dwggrep' (or other LibreDWG tools that share the same string conversion) on DWG files from untrusted sources.

Added: May 26, 2026, 6:09 PM
Updated: May 26, 2026, 6:09 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 7.7
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.