CVE-2026-9605— GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based overflow
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-9605
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 8f03865f37f5d4ffd616fef802acc980be54d300. Applying a patch is the recommended action to fix this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
堆缓冲区溢出
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-9605
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 8970 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-9605
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-9605 (1)
Proof of Concept for CVE-2026-9605 (1)
Vendor Pages for CVE-2026-9605 (1)
Other References for CVE-2026-9605 (1)
Same Patch Batch · GNU · 2026-05-26 · 3 CVEs total
| CVE-2026-9530 | 3.3 LOW | GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_section out-of-bounds |
| CVE-2026-9529 | 3.3 LOW | GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER null pointer dereference |
IV. Related Vulnerabilities
Same product: libredwg
- CVE-2026-9530
GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_se - CVE-2026-9529
GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER nu - CVE-2026-9504
GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of - CVE-2026-9503
GNU LibreDWG DWG File decode.c dwg_next_entity null pointer - CVE-2026-9502
GNU LibreDWG Dwgread Utility decode.c decompress_R2004_secti
Same vendor: GNU
- CVE-2026-9530
GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_se - CVE-2026-9529
GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER nu - CVE-2026-9504
GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of - CVE-2026-9503
GNU LibreDWG DWG File decode.c dwg_next_entity null pointer - CVE-2026-9502
GNU LibreDWG Dwgread Utility decode.c decompress_R2004_secti
Same weakness: CWE-122
- CVE-2026-48065
pam_usb: Unchecked integer multiplication before xmalloc() i - CVE-2026-4391
TeamSpeak 3 Server ECC Key heap-based overflow - CVE-2026-8175
Multiple vulnerabilities in Aspera applications. - CVE-2026-44983
smallbitvec: Safe API Triggered Heap Buffer Overflow via Int - CVE-2026-8834
IBM HTTP Server is affected by multiple vulnerabilities
V. Comments for CVE-2026-9605
No comments yet