GNU Libredwg Heap-Based Buffer Overflow Vulnerability in Dwgbmp Utility

Vulnerability

A heap-based buffer overflow has been identified in GNU Libredwg versions through 0.13.4.8160. The defect lies in the 'dwgbmp' utility, specifically in the 'bit_read_RC' function in 'bits.c'. It can be triggered remotely by a crafted DWG file and results in a heap-based buffer overflow.

Impact

Exploitation of this vulnerability causes a heap-buffer-overflow, which leads to memory corruption and could potentially allow arbitrary code execution.

Reproduction

The vulnerability can be reproduced by processing a malformed DWG file with the 'dwgbmp' utility included in Libredwg. Compile Libredwg with AFL++'s 'afl-clang-fast' as the compiler and with AddressSanitizer enabled; running the instrumented 'dwgbmp' on the crafted DWG file then reports the heap-buffer-overflow at the point where the vulnerable 'bit_read_RC' function is called.
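As an added illustration of the check a byte reader over a bit-aligned DWG buffer needs (this is example code, not libredwg's Bit_Chain or bit_read_RC; the struct, field and function names are assumptions), a raw-byte read that refuses any read that would run past the end of the chain, including the two-byte case when the read is not byte-aligned:

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative bit-stream reader (names assumed, not libredwg's). */
typedef struct {
  const unsigned char *chain; /* start of the buffer */
  size_t size;                /* buffer length in bytes */
  size_t byte;                /* current byte position */
  unsigned char bit;          /* current bit within that byte, 0..7 */
  int overflow;               /* sticky flag: a read ran past the end */
} BitChain;

/* Read one raw 8-bit value at the current bit position. When bit != 0 the
 * value straddles two bytes, so the bounds check must cover the second byte.
 * Returns 0 on success, -1 (and sets overflow) if the read would exceed
 * the buffer; *out is untouched on failure. */
int read_rc_checked(BitChain *dat, unsigned char *out) {
  size_t need = (dat->bit == 0) ? 1 : 2; /* bytes touched by this read */
  if (dat->overflow || dat->byte >= dat->size || dat->size - dat->byte < need) {
    dat->overflow = 1;
    return -1;
  }
  unsigned char cur = dat->chain[dat->byte];
  unsigned char result = cur;
  if (dat->bit != 0) {
    unsigned char next = dat->chain[dat->byte + 1];
    result = (unsigned char)((cur << dat->bit) | (next >> (8 - dat->bit)));
  }
  dat->byte++;
  *out = result;
  return 0;
}

/* Constructed 4-byte sample "file" used by the helpers below. */
static const unsigned char sample[] = {0xAB, 0xCD, 0xEF, 0x01};

/* How many whole bytes can be read from buf starting at start_bit
 * before the checked reader stops. */
size_t count_readable(const unsigned char *buf, size_t n, unsigned char start_bit) {
  BitChain dat = {buf, n, 0, start_bit, 0};
  unsigned char v;
  size_t count = 0;
  while (read_rc_checked(&dat, &v) == 0) count++;
  return count;
}

/* First byte read at start_bit, or -1 if the read is rejected. */
int first_rc(const unsigned char *buf, size_t n, unsigned char start_bit) {
  BitChain dat = {buf, n, 0, start_bit, 0};
  unsigned char v;
  return read_rc_checked(&dat, &v) == 0 ? (int)v : -1;
}
```

Running it against the sample shows that an unaligned start loses the final partial byte instead of reading one byte past the allocation.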

Remediation

Users are advised to update to GNU Libredwg version 0.13.4.8200, where this vulnerability has been fixed.

Added: May 27, 2026, 12:19 AM
Updated: May 27, 2026, 12:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 5.6
remediation: 7.7
relevance: 9.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.