| Field | Value |
|---|---|
| Title | LibreDWG libredwg main branch @0b57303 (latest as of 2026-04-29) Heap-buffer-overflow (Out-of-bounds Heap Write) |
| Description | LibreDWG is an open-source library for reading and writing AutoCAD DWG files. A critical heap buffer overflow vulnerability has been discovered in its dwgbmp utility. When processing a maliciously crafted DWG file, an out-of-bounds heap write operation occurs in the bit_write_RC() function at src/bits.c:311 during the decompression of R2004 compressed sections. This vulnerability allows attackers to corrupt heap memory by tricking users into opening specially designed DWG files, potentially leading to arbitrary code execution or reliable denial of service. This vulnerability is related to issue #1248. The maintainer has submitted a fix commit (87c63bf) on May 3, 2026, which addresses this issue by adding proper section address bounds checking and clamping the data_size parameter to prevent buffer overflows. |
| Source | https://github.com/LibreDWG/libredwg/issues/1254 |
| User | pwn3rd (UID 97480) |
| Submission | 05/18/2026 05:25 (21 days ago) |
| Moderation | 06/04/2026 20:07 (18 days later) |
| Status | Duplicate |
| VulDB entry | 365549 [GNU LibreDWG up to 0.14 Dwgbmp Utility src/decode.c read_2004_compressed_section out-of-bounds] |
| Points | 0 |