Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-9502 (GCVE-0-2026-9502)
Vulnerability from cvelistv5 – Published: 2026-05-25 20:45 – Updated: 2026-05-26 12:37 X_Open Source
VLAI
EPSS
VEX
Title
GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow
Summary
A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365484 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365484/cti | signaturepermissions-required |
| https://vuldb.com/submit/814259 | third-party-advisory |
| https://github.com/LibreDWG/libredwg/issues/1243 | issue-tracking |
| https://github.com/HackC0der/CVE-Repos/blob/main/… | exploit |
| https://github.com/LibreDWG/libredwg/commit/e501c… | patch |
| https://www.gnu.org/ | product |
Impacted products
Credits
pwn3rd (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T12:36:51.204975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T12:37:08.356Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*"
],
"modules": [
"Dwgread Utility"
],
"product": "LibreDWG",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
},
{
"status": "affected",
"version": "0.7"
},
{
"status": "affected",
"version": "0.8"
},
{
"status": "affected",
"version": "0.9"
},
{
"status": "affected",
"version": "0.10"
},
{
"status": "affected",
"version": "0.11"
},
{
"status": "affected",
"version": "0.12"
},
{
"status": "affected",
"version": "0.13"
},
{
"status": "affected",
"version": "0.14"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pwn3rd (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-25T20:45:10.399Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365484 | GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365484"
},
{
"name": "VDB-365484 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365484/cti"
},
{
"name": "Submit #814259 | LibreDWG Project LibreDWG \u003c= 0.14, main branch up to commit 6d6a339 (released 2026-04-10) Heap-based Buffer Overflow (CWE-122)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/814259"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/LibreDWG/libredwg/issues/1243"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_decompress_R2004_section.dwg"
},
{
"tags": [
"patch"
],
"url": "https://github.com/LibreDWG/libredwg/commit/e501cb9926c1e9a07a0d1cc997f3e69e9be801c9"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-05-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-25T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-25T12:09:58.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9502",
"datePublished": "2026-05-25T20:45:10.399Z",
"dateReserved": "2026-05-25T10:03:54.408Z",
"dateUpdated": "2026-05-26T12:37:08.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-9502",
"date": "2026-07-15",
"epss": "0.00154",
"percentile": "0.04934"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-9502\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2026-05-25T21:16:35.997\",\"lastModified\":\"2026-06-17T11:05:23.013\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.\"}],\"affected\":[{\"source\":\"cna@vuldb.com\",\"affectedData\":[{\"vendor\":\"GNU\",\"product\":\"LibreDWG\",\"cpes\":[\"cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*\"],\"modules\":[\"Dwgread Utility\"],\"versions\":[{\"version\":\"0.1\",\"status\":\"affected\"},{\"version\":\"0.2\",\"status\":\"affected\"},{\"version\":\"0.3\",\"status\":\"affected\"},{\"version\":\"0.4\",\"status\":\"affected\"},{\"version\":\"0.5\",\"status\":\"affected\"},{\"version\":\"0.6\",\"status\":\"affected\"},{\"version\":\"0.7\",\"status\":\"affected\"},{\"version\":\"0.8\",\"status\":\"affected\"},{\"version\":\"0.9\",\"status\":\"affected\"},{\"version\":\"0.10\",\"status\":\"affected\"},{\"version\":\"0.11\",\"status\":\"affected\"},{\"version\":\"0.12\",\"status\":\"affected\"},{\"version\":\"0.13\",\"status\":\"affected\"},{\"version\":\"0.14\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":1.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":4.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-26T12:36:51.204975Z\",\"id\":\"CVE-2026-9502\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"references\":[{\"url\":\"https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_decompress_R2004_section.dwg\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/LibreDWG/libredwg/commit/e501cb9926c1e9a07a0d1cc997f3e69e9be801c9\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/LibreDWG/libredwg/issues/1243\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/submit/814259\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/365484\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/vuln/365484/cti\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://www.gnu.org/\",\"source\":\"cna@vuldb.com\"}]}}",
"redhat_vex": {
"current_release_date": "2026-06-05T19:47:45+00:00",
"cve": "CVE-2026-9502",
"id": "CVE-2026-9502",
"initial_release_date": "2026-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-9502.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-9502\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-26T12:36:51.204975Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-26T12:36:59.270Z\"}}], \"cna\": {\"tags\": [\"x_open-source\"], \"title\": \"GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"pwn3rd (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 4.3, \"vectorString\": \"AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*\"], \"vendor\": \"GNU\", \"modules\": [\"Dwgread Utility\"], \"product\": \"LibreDWG\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.1\"}, {\"status\": \"affected\", \"version\": \"0.2\"}, {\"status\": \"affected\", \"version\": \"0.3\"}, {\"status\": \"affected\", \"version\": \"0.4\"}, {\"status\": \"affected\", \"version\": \"0.5\"}, {\"status\": \"affected\", \"version\": \"0.6\"}, {\"status\": \"affected\", \"version\": \"0.7\"}, {\"status\": \"affected\", \"version\": \"0.8\"}, {\"status\": \"affected\", \"version\": \"0.9\"}, {\"status\": \"affected\", \"version\": \"0.10\"}, {\"status\": \"affected\", \"version\": \"0.11\"}, {\"status\": \"affected\", \"version\": \"0.12\"}, {\"status\": \"affected\", \"version\": \"0.13\"}, {\"status\": \"affected\", \"version\": \"0.14\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-25T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2026-05-25T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2026-05-25T12:09:58.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/vuln/365484\", \"name\": \"VDB-365484 | GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/vuln/365484/cti\", \"name\": \"VDB-365484 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/submit/814259\", \"name\": \"Submit #814259 | LibreDWG Project LibreDWG \u003c= 0.14, main branch up to commit 6d6a339 (released 2026-04-10) Heap-based Buffer Overflow (CWE-122)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/LibreDWG/libredwg/issues/1243\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_decompress_R2004_section.dwg\", \"tags\": [\"exploit\"]}, {\"url\": \"https://github.com/LibreDWG/libredwg/commit/e501cb9926c1e9a07a0d1cc997f3e69e9be801c9\", \"tags\": [\"patch\"]}, {\"url\": \"https://www.gnu.org/\", \"tags\": [\"product\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"Heap-based Buffer Overflow\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"Memory Corruption\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2026-05-25T20:45:10.399Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-9502\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-26T12:37:08.356Z\", \"dateReserved\": \"2026-05-25T10:03:54.408Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2026-05-25T20:45:10.399Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-9502
Vulnerability from fkie_nvd - Published: 2026-05-25 21:16 - Updated: 2026-06-17 11:05
Severity
Summary
A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"cpes": [
"cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*"
],
"modules": [
"Dwgread Utility"
],
"product": "LibreDWG",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "0.1"
},
{
"status": "affected",
"version": "0.2"
},
{
"status": "affected",
"version": "0.3"
},
{
"status": "affected",
"version": "0.4"
},
{
"status": "affected",
"version": "0.5"
},
{
"status": "affected",
"version": "0.6"
},
{
"status": "affected",
"version": "0.7"
},
{
"status": "affected",
"version": "0.8"
},
{
"status": "affected",
"version": "0.9"
},
{
"status": "affected",
"version": "0.10"
},
{
"status": "affected",
"version": "0.11"
},
{
"status": "affected",
"version": "0.12"
},
{
"status": "affected",
"version": "0.13"
},
{
"status": "affected",
"version": "0.14"
}
]
}
],
"source": "cna@vuldb.com"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch."
}
],
"id": "CVE-2026-9502",
"lastModified": "2026-06-17T11:05:23.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 1.9,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-9502",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-26T12:36:51.204975Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-25T21:16:35.997",
"references": [
{
"source": "cna@vuldb.com",
"url": "https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_decompress_R2004_section.dwg"
},
{
"source": "cna@vuldb.com",
"url": "https://github.com/LibreDWG/libredwg/commit/e501cb9926c1e9a07a0d1cc997f3e69e9be801c9"
},
{
"source": "cna@vuldb.com",
"url": "https://github.com/LibreDWG/libredwg/issues/1243"
},
{
"source": "cna@vuldb.com",
"url": "https://vuldb.com/submit/814259"
},
{
"source": "cna@vuldb.com",
"url": "https://vuldb.com/vuln/365484"
},
{
"source": "cna@vuldb.com",
"url": "https://vuldb.com/vuln/365484/cti"
},
{
"source": "cna@vuldb.com",
"url": "https://www.gnu.org/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
GHSA-MXM7-V873-F6M3
Vulnerability from github – Published: 2026-05-26 13:30 – Updated: 2026-05-26 13:30
VLAI
Details
A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.
Severity
{
"affected": [],
"aliases": [
"CVE-2026-9502"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-25T21:16:35Z",
"severity": "LOW"
},
"details": "A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.",
"id": "GHSA-mxm7-v873-f6m3",
"modified": "2026-05-26T13:30:51Z",
"published": "2026-05-26T13:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9502"
},
{
"type": "WEB",
"url": "https://github.com/LibreDWG/libredwg/issues/1243"
},
{
"type": "WEB",
"url": "https://github.com/LibreDWG/libredwg/commit/e501cb9926c1e9a07a0d1cc997f3e69e9be801c9"
},
{
"type": "WEB",
"url": "https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_6d6a339_heap_overflow_decompress_R2004_section.dwg"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/814259"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/365484"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/365484/cti"
},
{
"type": "WEB",
"url": "https://www.gnu.org"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
OPENSUSE-SU-2026:21346-1
Vulnerability from csaf_opensuse - Published: 2026-07-13 10:19 - Updated: 2026-07-13 10:19Summary
Security update for libredwg
Severity
Important
Notes
Title of the patch: Security update for libredwg
Description of the patch: This update for libredwg fixes the following issues:
Changes in libredwg:
- Update to snapshot 0.14.8413
* fix dwg_next_entity NULL pointer dereference
[CVE-2026-15184, boo#1271170]
* Fix dwg_bmp thumbnail overflow checks
[CVE-2026-15181, boo#1271169]
* Resolve NULL pointer dereference (SEGV) in match_BLOCK_HEADER
[CVE-2026-9529, boo#1266380]
* Added DXB (binary DXF) support: dwgwrite/dwgread/dwg2dxf accept
DXB input/output, and dxfwrite accepts DXB.
* Minor features:
* R2007+ split string stream encoding for Header, Classes, and
objects.
* Added cycle checks in entity link chains.
* Added release helpers and improved CI (ODAFileConverter QT6,
xvfb-run).
* dwgfuzz: show mode with --version.
- update to 0.14:
* Write support for r2004 (AC1018) DWG files. The encoder now
produces compressed, encrypted section headers and the
LZ77-compressed object data layout required since r2004.
* Split large object files (encode, decode) into 2 objects,
significantly reducing peak memory usage during compilation
and enabling parallel builds to scale better.
* dwgadd: handle fields (e.g. layer, ltype, style) can now be
set by table-record name in addition to raw handle references.
A string value like `line.layer = "FOO"` is resolved via
dwg_find_tablehandle() at parse time.
* Added DXB (binary DXF) support: dwgwrite/dwgread/dwg2dxf
accept DXB input/output, and dxfwrite accepts DXB.
* R2007+ split string stream encoding for Header, Classes, and
objects.
* Added cycle checks in entity link chains. GH #1226.
* Added regression tests for decompress_r2007 OOB reads and
R2004 section decompression. Added dwgfilter.test.
* Added release helpers and improved CI (ODAFileConverter QT6,
xvfb-run).
* dwgfuzz: show mode with --version.
* API/ABI changes (source-incompatible):
* Renamed HEADER/2NDHEADER.is_maint to maint_rel_version.
* Renamed PROXY_OBJECT.dwg_versions.
* Bumped SO_VERSION to 0:14:0.
- Update to snapshot 0.13.4.8200
* Write support for r2004 (AC1018) DWG files. The encoder now
produces compressed, encrypted section headers and the
LZ77-compressed object data layout required since r2004.
* Split large object files (encode, decode) into 2 objects,
significantly reducing peak memory usage during compilation and
enabling parallel builds to scale better.
* dwgadd: handle fields (e.g. layer, ltype, style) can now be set
by table-record name in addition to raw handle references. A
string value like `line.layer = "FOO"` is resolved via
dwg_find_tablehandle() at parse time.
* Fix decompress_R2004_section buffer overflow
[CVE-2026-9501, CVE-2026-9502, CVE-2026-9529, CVE-2026-9530,
boo#1266377, boo#1266378, boo#1266380, boo#1266287]
* Fix dwg_next_entity NULL pointer dereference
[CVE-2026-9503, boo#1266379]
* Fix NULL pointer dereferences in DXF output for corrupted DWG
input [CVE-2026-9504, boo#1266321]
* decode: fix decompression overflow [CVE-2026-9605, boo#1266365]
Patchnames: openSUSE-Leap-16.0-packagehub-410
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for libredwg",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for libredwg fixes the following issues:\n\nChanges in libredwg:\n\n- Update to snapshot 0.14.8413\n * fix dwg_next_entity NULL pointer dereference\n [CVE-2026-15184, boo#1271170]\n * Fix dwg_bmp thumbnail overflow checks\n [CVE-2026-15181, boo#1271169]\n * Resolve NULL pointer dereference (SEGV) in match_BLOCK_HEADER\n [CVE-2026-9529, boo#1266380]\n * Added DXB (binary DXF) support: dwgwrite/dwgread/dwg2dxf accept\n DXB input/output, and dxfwrite accepts DXB.\n * Minor features:\n * R2007+ split string stream encoding for Header, Classes, and\n objects.\n * Added cycle checks in entity link chains.\n * Added release helpers and improved CI (ODAFileConverter QT6,\n xvfb-run).\n * dwgfuzz: show mode with --version.\n\n- update to 0.14:\n * Write support for r2004 (AC1018) DWG files. The encoder now\n produces compressed, encrypted section headers and the\n LZ77-compressed object data layout required since r2004.\n * Split large object files (encode, decode) into 2 objects,\n significantly reducing peak memory usage during compilation\n and enabling parallel builds to scale better.\n * dwgadd: handle fields (e.g. layer, ltype, style) can now be\n set by table-record name in addition to raw handle references.\n A string value like `line.layer = \"FOO\"` is resolved via\n dwg_find_tablehandle() at parse time.\n * Added DXB (binary DXF) support: dwgwrite/dwgread/dwg2dxf\n accept DXB input/output, and dxfwrite accepts DXB.\n * R2007+ split string stream encoding for Header, Classes, and\n objects.\n * Added cycle checks in entity link chains. GH #1226.\n * Added regression tests for decompress_r2007 OOB reads and\n R2004 section decompression. Added dwgfilter.test.\n * Added release helpers and improved CI (ODAFileConverter QT6,\n xvfb-run).\n * dwgfuzz: show mode with --version.\n * API/ABI changes (source-incompatible):\n * Renamed HEADER/2NDHEADER.is_maint to maint_rel_version.\n * Renamed PROXY_OBJECT.dwg_versions.\n * Bumped SO_VERSION to 0:14:0.\n\n- Update to snapshot 0.13.4.8200\n * Write support for r2004 (AC1018) DWG files. The encoder now\n produces compressed, encrypted section headers and the\n LZ77-compressed object data layout required since r2004.\n * Split large object files (encode, decode) into 2 objects,\n significantly reducing peak memory usage during compilation and\n enabling parallel builds to scale better.\n * dwgadd: handle fields (e.g. layer, ltype, style) can now be set\n by table-record name in addition to raw handle references. A\n string value like `line.layer = \"FOO\"` is resolved via\n dwg_find_tablehandle() at parse time.\n * Fix decompress_R2004_section buffer overflow\n [CVE-2026-9501, CVE-2026-9502, CVE-2026-9529, CVE-2026-9530,\n boo#1266377, boo#1266378, boo#1266380, boo#1266287]\n * Fix dwg_next_entity NULL pointer dereference\n [CVE-2026-9503, boo#1266379]\n * Fix NULL pointer dereferences in DXF output for corrupted DWG\n input [CVE-2026-9504, boo#1266321]\n * decode: fix decompression overflow [CVE-2026-9605, boo#1266365]\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-410",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_21346-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1266287",
"url": "https://bugzilla.suse.com/1266287"
},
{
"category": "self",
"summary": "SUSE Bug 1266321",
"url": "https://bugzilla.suse.com/1266321"
},
{
"category": "self",
"summary": "SUSE Bug 1266365",
"url": "https://bugzilla.suse.com/1266365"
},
{
"category": "self",
"summary": "SUSE Bug 1266377",
"url": "https://bugzilla.suse.com/1266377"
},
{
"category": "self",
"summary": "SUSE Bug 1266378",
"url": "https://bugzilla.suse.com/1266378"
},
{
"category": "self",
"summary": "SUSE Bug 1266379",
"url": "https://bugzilla.suse.com/1266379"
},
{
"category": "self",
"summary": "SUSE Bug 1266380",
"url": "https://bugzilla.suse.com/1266380"
},
{
"category": "self",
"summary": "SUSE Bug 1271169",
"url": "https://bugzilla.suse.com/1271169"
},
{
"category": "self",
"summary": "SUSE Bug 1271170",
"url": "https://bugzilla.suse.com/1271170"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-15181 page",
"url": "https://www.suse.com/security/cve/CVE-2026-15181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-15184 page",
"url": "https://www.suse.com/security/cve/CVE-2026-15184/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9501 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9529 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9529/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9530 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9530/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-9605 page",
"url": "https://www.suse.com/security/cve/CVE-2026-9605/"
}
],
"title": "Security update for libredwg",
"tracking": {
"current_release_date": "2026-07-13T10:19:51Z",
"generator": {
"date": "2026-07-13T10:19:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:21346-1",
"initial_release_date": "2026-07-13T10:19:51Z",
"revision_history": [
{
"date": "2026-07-13T10:19:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"product": {
"name": "libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"product_id": "libredwg-devel-0.14.8413-bp160.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"product": {
"name": "libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"product_id": "libredwg-tools-0.14.8413-bp160.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libredwg0-0.14.8413-bp160.1.1.aarch64",
"product": {
"name": "libredwg0-0.14.8413-bp160.1.1.aarch64",
"product_id": "libredwg0-0.14.8413-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"product": {
"name": "libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"product_id": "libredwg-devel-0.14.8413-bp160.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"product": {
"name": "libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"product_id": "libredwg-tools-0.14.8413-bp160.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libredwg0-0.14.8413-bp160.1.1.ppc64le",
"product": {
"name": "libredwg0-0.14.8413-bp160.1.1.ppc64le",
"product_id": "libredwg0-0.14.8413-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libredwg-devel-0.14.8413-bp160.1.1.s390x",
"product": {
"name": "libredwg-devel-0.14.8413-bp160.1.1.s390x",
"product_id": "libredwg-devel-0.14.8413-bp160.1.1.s390x"
}
},
{
"category": "product_version",
"name": "libredwg-tools-0.14.8413-bp160.1.1.s390x",
"product": {
"name": "libredwg-tools-0.14.8413-bp160.1.1.s390x",
"product_id": "libredwg-tools-0.14.8413-bp160.1.1.s390x"
}
},
{
"category": "product_version",
"name": "libredwg0-0.14.8413-bp160.1.1.s390x",
"product": {
"name": "libredwg0-0.14.8413-bp160.1.1.s390x",
"product_id": "libredwg0-0.14.8413-bp160.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"product": {
"name": "libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"product_id": "libredwg-devel-0.14.8413-bp160.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"product": {
"name": "libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"product_id": "libredwg-tools-0.14.8413-bp160.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libredwg0-0.14.8413-bp160.1.1.x86_64",
"product": {
"name": "libredwg0-0.14.8413-bp160.1.1.x86_64",
"product_id": "libredwg0-0.14.8413-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg-devel-0.14.8413-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64"
},
"product_reference": "libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg-devel-0.14.8413-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le"
},
"product_reference": "libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg-devel-0.14.8413-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x"
},
"product_reference": "libredwg-devel-0.14.8413-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg-devel-0.14.8413-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64"
},
"product_reference": "libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg-tools-0.14.8413-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64"
},
"product_reference": "libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg-tools-0.14.8413-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le"
},
"product_reference": "libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg-tools-0.14.8413-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x"
},
"product_reference": "libredwg-tools-0.14.8413-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg-tools-0.14.8413-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64"
},
"product_reference": "libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg0-0.14.8413-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64"
},
"product_reference": "libredwg0-0.14.8413-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg0-0.14.8413-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le"
},
"product_reference": "libredwg0-0.14.8413-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg0-0.14.8413-bp160.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x"
},
"product_reference": "libredwg0-0.14.8413-bp160.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libredwg0-0.14.8413-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
},
"product_reference": "libredwg0-0.14.8413-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-15181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-15181"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-15181",
"url": "https://www.suse.com/security/cve/CVE-2026-15181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T10:19:51Z",
"details": "important"
}
],
"title": "CVE-2026-15181"
},
{
"cve": "CVE-2026-15184",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-15184"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwg_next_entity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument next_obj results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used. Upgrading to version 0.14 is sufficient to resolve this issue. The patch is named dde45dac3c4d902e4d8fed150a8017b9732019c9. Upgrading the affected component is recommended. Different than CVE-2026-9503.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-15184",
"url": "https://www.suse.com/security/cve/CVE-2026-15184"
},
{
"category": "external",
"summary": "SUSE Bug 1271170 for CVE-2026-15184",
"url": "https://bugzilla.suse.com/1271170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T10:19:51Z",
"details": "low"
}
],
"title": "CVE-2026-15184"
},
{
"cve": "CVE-2026-9501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9501"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipulation can lead to reachable assertion. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. A patch should be applied to remediate this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9501",
"url": "https://www.suse.com/security/cve/CVE-2026-9501"
},
{
"category": "external",
"summary": "SUSE Bug 1266377 for CVE-2026-9501",
"url": "https://bugzilla.suse.com/1266377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T10:19:51Z",
"details": "low"
}
],
"title": "CVE-2026-9501"
},
{
"cve": "CVE-2026-9502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9502"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was identified in GNU LibreDWG up to 0.14. This affects the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The identifier of the patch is e501cb9926c1e9a07a0d1cc997f3e69e9be801c9. To fix this issue, it is recommended to deploy a patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9502",
"url": "https://www.suse.com/security/cve/CVE-2026-9502"
},
{
"category": "external",
"summary": "SUSE Bug 1266378 for CVE-2026-9502",
"url": "https://bugzilla.suse.com/1266378"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T10:19:51Z",
"details": "moderate"
}
],
"title": "CVE-2026-9502"
},
{
"cve": "CVE-2026-9503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9503"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 8f03865f37f5d4ffd616fef802acc980be54d300. Upgrading the affected component is advised.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9503",
"url": "https://www.suse.com/security/cve/CVE-2026-9503"
},
{
"category": "external",
"summary": "SUSE Bug 1266379 for CVE-2026-9503",
"url": "https://bugzilla.suse.com/1266379"
},
{
"category": "external",
"summary": "SUSE Bug 1271170 for CVE-2026-9503",
"url": "https://bugzilla.suse.com/1271170"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T10:19:51Z",
"details": "low"
}
],
"title": "CVE-2026-9503"
},
{
"cve": "CVE-2026-9504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9504"
}
],
"notes": [
{
"category": "general",
"text": "A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. Patch name: be996bf2178a40e98720f18c2414815d244413db. Applying a patch is the recommended action to fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9504",
"url": "https://www.suse.com/security/cve/CVE-2026-9504"
},
{
"category": "external",
"summary": "SUSE Bug 1266321 for CVE-2026-9504",
"url": "https://bugzilla.suse.com/1266321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T10:19:51Z",
"details": "low"
}
],
"title": "CVE-2026-9504"
},
{
"cve": "CVE-2026-9529",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9529"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach. The exploit has been released to the public and may be used for attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9529",
"url": "https://www.suse.com/security/cve/CVE-2026-9529"
},
{
"category": "external",
"summary": "SUSE Bug 1266380 for CVE-2026-9529",
"url": "https://bugzilla.suse.com/1266380"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T10:19:51Z",
"details": "low"
}
],
"title": "CVE-2026-9529"
},
{
"cve": "CVE-2026-9530",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9530"
}
],
"notes": [
{
"category": "general",
"text": "A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a manipulation can lead to out-of-bounds read. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called 8f03865f37f5d4ffd616fef802acc980be54d300. It is advisable to implement a patch to correct this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9530",
"url": "https://www.suse.com/security/cve/CVE-2026-9530"
},
{
"category": "external",
"summary": "SUSE Bug 1266287 for CVE-2026-9530",
"url": "https://bugzilla.suse.com/1266287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T10:19:51Z",
"details": "moderate"
}
],
"title": "CVE-2026-9530"
},
{
"cve": "CVE-2026-9605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-9605"
}
],
"notes": [
{
"category": "general",
"text": "A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 8f03865f37f5d4ffd616fef802acc980be54d300. Applying a patch is the recommended action to fix this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-9605",
"url": "https://www.suse.com/security/cve/CVE-2026-9605"
},
{
"category": "external",
"summary": "SUSE Bug 1266365 for CVE-2026-9605",
"url": "https://bugzilla.suse.com/1266365"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-devel-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg-tools-0.14.8413-bp160.1.1.x86_64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.aarch64",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.s390x",
"openSUSE Leap 16.0:libredwg0-0.14.8413-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-13T10:19:51Z",
"details": "important"
}
],
"title": "CVE-2026-9605"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…