EUVD-2026-31745

🗓️ 25 May 2026 21:15:11Reported by EUVDType

Local out-of-bounds read in LibreDWG before 0.14 via bit_convert_TU in dwggrep.c; patch be996bf2178a40e98720f18c2414815d244413db.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2026-9504	25 May 202621:15	–	attackerkb
CNNVD	GNU LibreDWG 缓冲区错误漏洞	25 May 202600:00	–	cnnvd
CVE	CVE-2026-9504	25 May 202621:15	–	cve
Cvelist	CVE-2026-9504 GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds	25 May 202621:15	–	cvelist
NVD	CVE-2026-9504	25 May 202622:16	–	nvd
OPENSUSE Linux	libredwg-devel-0.13.4.8200-1.1 on GA media (moderate)	29 May 202600:00	–	opensuse
OSV	OPENSUSE-SU-2026:10879-1 libredwg-devel-0.13.4.8200-1.1 on GA media	28 May 202600:00	–	osv
Positive Technologies	PT-2026-43136	22 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-9504	5 Jun 202619:47	–	redhatcve
SUSE CVE	SUSE CVE-2026-9504	27 May 202610:58	–	susecve

[
  {
    "enisaIdVendor": [
      {
        "id": "46f747ee-8dc3-3a60-a42d-cb6fa8b0196f",
        "vendor": {
          "name": "GNU"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "203f355c-1369-379c-9350-f3f5dee5f186",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.13"
      },
      {
        "id": "26bc2cd1-698f-307d-b414-cf6a52381088",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.8"
      },
      {
        "id": "297fa121-ce21-350d-a898-5f9ce62beeed",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.1"
      },
      {
        "id": "2b3e9f6d-cfa3-3a28-a241-5a953e787272",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.6"
      },
      {
        "id": "42153ac6-c934-322b-b574-9ed4ac4d5f9f",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.4"
      },
      {
        "id": "4d241e8a-6b0c-3b50-9494-92409e204b33",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.11"
      },
      {
        "id": "4d764651-b944-3ef2-8534-8f651045e8e2",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.7"
      },
      {
        "id": "6540083f-9d3f-3dd2-845c-bc7f8f2d1b15",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.3"
      },
      {
        "id": "664798b9-abf2-31bf-a5ef-dfefeaf9a3d9",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.14"
      },
      {
        "id": "7b1aec3e-5a5c-311b-9b7d-655fb7f8c1a7",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.5"
      },
      {
        "id": "8982ce64-0086-3c03-8583-688ef4149ad4",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.9"
      },
      {
        "id": "ae14de95-3bd5-305a-a7c7-28001ea1ca4c",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.10"
      },
      {
        "id": "dc977901-e4df-3580-b889-e08eb29d4697",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.2"
      },
      {
        "id": "fcf2a95f-74f0-352f-bdc1-99a2781e6883",
        "product": {
          "name": "libredwg"
        },
        "product_version": "0.12"
      }
    ]
  }
]

Source	Link
vuldb	www.vuldb.com/vuln/365486
vuldb	www.vuldb.com/vuln/365486/cti
vuldb	www.vuldb.com/submit/814261
github	www.github.com/LibreDWG/libredwg/issues/1246
github	www.github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_bit_convert_TU.dwg
github	www.github.com/LibreDWG/libredwg/commit/be996bf2178a40e98720f18c2414815d244413db
gnu	www.gnu.org/

25 May 2026 21:15Current

5.3Medium risk

Vulners AI Score5.3

CVSS 44.8

CVSS 21.7

CVSS 3.13.3

CVSS 33.3

EPSS0.00014