CVE Catalog

CVE-2026-9605

High
Published: Translated: NVD NIST

Summary

A flaw has been found in GNU libredwg up to version 0.13.4.8160 affecting the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This issue leads to a heap-based buffer overflow that can be exploited remotely.

Risk Assessment

The potential for a remote attack leading to buffer overflow poses a serious security risk to systems using this library, which could result in data loss or system takeover.

Recommendation

It is recommended to apply the patch named 8f03865f37f5d4ffd616fef802acc980be54d300 to fix this issue.

Original NVD description (English source)

A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 8f03865f37f5d4ffd616fef802acc980be54d300. Applying a patch is the recommended action to fix this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS