CVE-2026-9503 GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference

🗓️ 25 May 2026 21:00:16Reported by VulDBType

CVE-2026-9503: LibreDWG up to 0.14 has a local null pointer dereference in dwg_next_entity.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2026-9503	25 May 202621:00	–	attackerkb
CNNVD	GNU LibreDWG 代码问题漏洞	25 May 202600:00	–	cnnvd
CVE	CVE-2026-9503	25 May 202621:00	–	cve
EUVD	EUVD-2026-31741	25 May 202621:00	–	euvd
NVD	CVE-2026-9503	25 May 202621:16	–	nvd
OPENSUSE Linux	libredwg-devel-0.13.4.8200-1.1 on GA media (moderate)	29 May 202600:00	–	opensuse
OSV	OPENSUSE-SU-2026:10879-1 libredwg-devel-0.13.4.8200-1.1 on GA media	28 May 202600:00	–	osv
Positive Technologies	PT-2026-43131	22 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-9503	5 Jun 202619:48	–	redhatcve
SUSE CVE	SUSE CVE-2026-9503	27 May 202612:59	–	susecve

[
  {
    "vendor": "GNU",
    "product": "LibreDWG",
    "versions": [
      {
        "version": "0.1",
        "status": "affected"
      },
      {
        "version": "0.2",
        "status": "affected"
      },
      {
        "version": "0.3",
        "status": "affected"
      },
      {
        "version": "0.4",
        "status": "affected"
      },
      {
        "version": "0.5",
        "status": "affected"
      },
      {
        "version": "0.6",
        "status": "affected"
      },
      {
        "version": "0.7",
        "status": "affected"
      },
      {
        "version": "0.8",
        "status": "affected"
      },
      {
        "version": "0.9",
        "status": "affected"
      },
      {
        "version": "0.10",
        "status": "affected"
      },
      {
        "version": "0.11",
        "status": "affected"
      },
      {
        "version": "0.12",
        "status": "affected"
      },
      {
        "version": "0.13",
        "status": "affected"
      },
      {
        "version": "0.14",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*"
    ],
    "modules": [
      "DWG File Handler"
    ]
  }
]

Source	Link
github	www.github.com/LibreDWG/libredwg/issues/1245
github	www.github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_oob_write_read_2004_compressed_section.dwg
vuldb	www.vuldb.com/submit/814260
vuldb	www.vuldb.com/vuln/365485/cti
github	www.github.com/LibreDWG/libredwg/commit/8f03865f37f5d4ffd616fef802acc980be54d300
gnu	www.gnu.org/
vuldb	www.vuldb.com/vuln/365485

25 May 2026 21:00Current

CVSS 21.7

CVSS 3.13.3

CVSS 33.3

CVSS 44.8

EPSS0.00143