๐Ÿ” CVE Alert

CVE-2026-15520

MEDIUM 5.3

GNU LibreDWG R2004 Section Decompression decode.c decompress_R2004_section heap-based overflow

CVSS Score
5.3
EPSS Score
0.1%
EPSS Percentile
3th

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompress_R2004_section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Upgrading to version 0.14.8396 will fix this issue. This patch is called 3d0f9fc2eddbd6579c99af3111c37c98f03475d0. You should upgrade the affected component.

CWE CWE-122 CWE-119
Vendor gnu
Product libredwg
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for gnu libredwg

Be the first to know when new medium vulnerabilities affecting gnu libredwg are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

GNU / LibreDWG
0.13.4-154-g0b573035

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/377849 vuldb.com: https://vuldb.com/vuln/377849/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15520 vuldb.com: https://vuldb.com/submit/851190 github.com: https://github.com/LibreDWG/libredwg/issues/1251 github.com: https://github.com/advisories/GHSA-qg2f-8389-w95j github.com: https://github.com/HackC0der/CVE-Repos/blob/main/libredwg/libredwg_0b57303_heap_overflow_decompress_R2004_section.dwg github.com: https://github.com/LibreDWG/libredwg/commit/3d0f9fc2eddbd6579c99af3111c37c98f03475d0 github.com: https://github.com/LibreDWG/libredwg/releases/tag/0.14.8396 gnu.org: https://www.gnu.org/

Credits

๐Ÿ” Ech06 (VulDB User)