GNU LibreDWG Heap-Based Buffer Overflow Vulnerability in Dwgbmp Utility

Vulnerability

A heap-buffer-overflow vulnerability has been identified in GNU LibreDWG versions through 0.14. The issue arises in the 'dwgbmp' utility, specifically within the 'read_2004_compressed_section' function of 'src/decode.c'. The flaw is an out-of-bounds read, and exploitation requires local access. The vulnerability has been publicly disclosed and could be used in attacks.

Impact

Exploitation of this vulnerability produces a heap-based buffer overflow in the form of an out-of-bounds read, which can be used to manipulate memory.

Reproduction

The vulnerability can be reproduced by processing a crafted DWG file with LibreDWG's 'dwgbmp' utility. One way to do this is to compile LibreDWG with AFL++'s 'afl-clang-fast' compiler, which instruments the binary for fuzzing, and then run the instrumented 'dwgbmp' on the malformed DWG file that triggers the bug.

Remediation

Users are advised to update to the patched version of GNU LibreDWG, which is available on the official GitHub repository.

Added: May 26, 2026, 5:39 PM
Updated: May 26, 2026, 5:39 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.2
remediation: 7.7
relevance: 9.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.