CVE-2026-9504

🗓️ 25 May 2026 21:15:11Reported by VulDBType

CVE-2026-9504: LibreDWG Dwggrep bit_convert_TU causes local out-of-bounds read; patch be996bf2178a40e98720f18c2414815d244413db.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2026-9504	25 May 202621:15	–	attackerkb
CNNVD	GNU LibreDWG 缓冲区错误漏洞	25 May 202600:00	–	cnnvd
Cvelist	CVE-2026-9504 GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds	25 May 202621:15	–	cvelist
EUVD	EUVD-2026-31745	25 May 202621:15	–	euvd
NVD	CVE-2026-9504	25 May 202622:16	–	nvd
OPENSUSE Linux	libredwg-devel-0.13.4.8200-1.1 on GA media (moderate)	29 May 202600:00	–	opensuse
OSV	OPENSUSE-SU-2026:10879-1 libredwg-devel-0.13.4.8200-1.1 on GA media	28 May 202600:00	–	osv
Positive Technologies	PT-2026-43136	22 Apr 202600:00	–	ptsecurity
SUSE CVE	SUSE CVE-2026-9504	27 May 202610:58	–	susecve
Vulnrichment	CVE-2026-9504 GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds	25 May 202621:15	–	vulnrichment

Vulners

Node

gnu libredwgMatch0.1

gnu libredwgMatch0.2

gnu libredwgMatch0.3

gnu libredwgMatch0.4

gnu libredwgMatch0.5

gnu libredwgMatch0.6

gnu libredwgMatch0.7

gnu libredwgMatch0.8

gnu libredwgMatch0.9

gnu libredwgMatch0.10

gnu libredwgMatch0.11

gnu libredwgMatch0.12

gnu libredwgMatch0.13

gnu libredwgMatch0.14

[
  {
    "vendor": "GNU",
    "product": "LibreDWG",
    "versions": [
      {
        "version": "0.1",
        "status": "affected"
      },
      {
        "version": "0.2",
        "status": "affected"
      },
      {
        "version": "0.3",
        "status": "affected"
      },
      {
        "version": "0.4",
        "status": "affected"
      },
      {
        "version": "0.5",
        "status": "affected"
      },
      {
        "version": "0.6",
        "status": "affected"
      },
      {
        "version": "0.7",
        "status": "affected"
      },
      {
        "version": "0.8",
        "status": "affected"
      },
      {
        "version": "0.9",
        "status": "affected"
      },
      {
        "version": "0.10",
        "status": "affected"
      },
      {
        "version": "0.11",
        "status": "affected"
      },
      {
        "version": "0.12",
        "status": "affected"
      },
      {
        "version": "0.13",
        "status": "affected"
      },
      {
        "version": "0.14",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "Dwggrep Utility"
    ]
  }
]

Source	Link
gnu	www.gnu.org/
vuldb	www.vuldb.com/vuln/365486
github	www.github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_bit_convert_TU.dwg
vuldb	www.vuldb.com/vuln/365486/cti
vuldb	www.vuldb.com/submit/814261
github	www.github.com/LibreDWG/libredwg/issues/1246
github	www.github.com/LibreDWG/libredwg/commit/be996bf2178a40e98720f18c2414815d244413db

26 May 2026 19:54Current

5.3Medium risk

Vulners AI Score5.3

CVSS 21.7

CVSS 3.13.3

CVSS 44.8

CVSS 33.3

EPSS0.00014

SSVC