CVE-2026-9503— GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference
Possible ATT&CK Techniques 1AI
T1055 · Process InjectionGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9503
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 8f03865f37f5d4ffd616fef802acc980be54d300. Upgrading the affected component is advised.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
空指针解引用
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-9503
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-9503
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-9503 (1)
Vendor Pages for CVE-2026-9503 (1)
Other References for CVE-2026-9503 (2)
Same Patch Batch · GNU · 2026-05-25 · 5 CVEs total
| CVE-2026-9500 | 5.3 MEDIUM | GNU LibreDWG Dwgread Utility decode.c read_2004_compressed_section heap-based overflow |
| CVE-2026-9502 | 5.3 MEDIUM | GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow |
| CVE-2026-9501 | 3.3 LOW | GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section assertion |
| CVE-2026-9504 | 3.3 LOW | GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds |
IV. Related Vulnerabilities
Same product: LibreDWG
- CVE-2026-9605
GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based ov - CVE-2026-9530
GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_se - CVE-2026-9529
GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER nu - CVE-2026-9504
GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of - CVE-2026-9502
GNU LibreDWG Dwgread Utility decode.c decompress_R2004_secti
Same vendor: GNU
- CVE-2026-9605
GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based ov - CVE-2026-9530
GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_se - CVE-2026-9529
GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER nu - CVE-2026-9504
GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of - CVE-2026-9502
GNU LibreDWG Dwgread Utility decode.c decompress_R2004_secti
Same weakness: CWE-476
- CVE-2026-9567
GPAC MP4Box isom_intern.c MergeFragment null pointer derefer - CVE-2026-7450
PAR File Parsing NULL Pointer Dereference in Autodesk 3ds Ma - CVE-2026-8850
IBM HTTP Server is affected by multiple vulnerabilities - CVE-2026-8479
IEC 60870-5-104空指针解引用导致DoS - CVE-2026-9529
GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER nu
V. Comments for CVE-2026-9503
No comments yet