Low severity3.3NVD Advisory· Published May 25, 2026· Updated May 26, 2026
CVE-2026-9503
CVE-2026-9503
Description
A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 8f03865f37f5d4ffd616fef802acc980be54d300. Upgrading the affected component is advised.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
7- github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwgnvd
- github.com/LibreDWG/libredwg/commit/8f03865f37f5d4ffd616fef802acc980be54d300nvd
- github.com/LibreDWG/libredwg/issues/1245nvd
- vuldb.com/submit/814260nvd
- vuldb.com/vuln/365485nvd
- vuldb.com/vuln/365485/ctinvd
- www.gnu.orgnvd
News mentions
0No linked articles in our index yet.