CVE-2026-9503

Source
https://cve.org/CVERecord?id=CVE-2026-9503
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9503.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-9503
Downstream
Related
Published
2026-05-25T21:00:16.085Z
Modified
2026-07-08T08:13:42.593217116Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference
Details

A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwgnextentity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified as 8f03865f37f5d4ffd616fef802acc980be54d300. Upgrading the affected component is advised.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "0.1"
                },
                {
                    "last_affected": "0.1"
                },
                {
                    "introduced": "0.2"
                },
                {
                    "last_affected": "0.2"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9503.json",
    "cwe_ids": [
        "CWE-404",
        "CWE-476"
    ],
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/libredwg/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/libredwg/libredwg
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0.3"
        },
        {
            "last_affected": "0.3"
        },
        {
            "introduced": "0.4"
        },
        {
            "last_affected": "0.4"
        },
        {
            "introduced": "0.5"
        },
        {
            "last_affected": "0.5"
        },
        {
            "introduced": "0.6"
        },
        {
            "last_affected": "0.6"
        },
        {
            "introduced": "0.7"
        },
        {
            "last_affected": "0.7"
        },
        {
            "introduced": "0.8"
        },
        {
            "last_affected": "0.8"
        },
        {
            "introduced": "0.9"
        },
        {
            "last_affected": "0.9"
        },
        {
            "introduced": "0.10"
        },
        {
            "last_affected": "0.10"
        },
        {
            "introduced": "0.11"
        },
        {
            "last_affected": "0.11"
        },
        {
            "introduced": "0.12"
        },
        {
            "last_affected": "0.12"
        },
        {
            "introduced": "0.13"
        },
        {
            "last_affected": "0.13"
        },
        {
            "introduced": "0.14"
        },
        {
            "last_affected": "0.14"
        }
    ]
}

Affected versions

0.*
0.10
0.10.1
0.11
0.11.1
0.12
0.12.1
0.12.2
0.12.3
0.12.4
0.12.5
0.13
0.13.1
0.13.2
0.13.3
0.13.3.7163
0.13.3.7165
0.13.3.7166
0.13.3.7168
0.13.3.7176
0.13.3.7183
0.13.3.7186
0.13.3.7187
0.13.3.7190
0.13.3.7199
0.13.3.7217
0.13.3.7220
0.13.3.7223
0.13.3.7224
0.13.3.7225
0.13.3.7226
0.13.3.7227
0.13.3.7233
0.13.3.7240
0.13.3.7246
0.13.3.7251
0.13.3.7257
0.13.3.7259
0.13.3.7262
0.13.3.7264
0.13.3.7265
0.13.3.7268
0.13.3.7270
0.13.3.7273
0.13.3.7298
0.13.3.7306
0.13.3.7308
0.13.3.7320
0.13.3.7324
0.13.3.7327
0.13.3.7338
0.13.3.7341
0.13.3.7344
0.13.3.7345
0.13.3.7351
0.13.3.7371
0.13.3.7377
0.13.3.7385
0.13.3.7405
0.13.3.7409
0.13.3.7411
0.13.3.7412
0.13.3.7414
0.13.3.7420
0.13.3.7424
0.13.3.7426
0.13.3.7429
0.13.3.7431
0.13.3.7434
0.13.3.7437
0.13.3.7442
0.13.3.7445
0.13.3.7453
0.13.3.7456
0.13.3.7460
0.13.3.7466
0.13.3.7469
0.13.3.7472
0.13.3.7473
0.13.3.7483
0.13.3.7491
0.13.3.7501
0.13.3.7507
0.13.3.7516
0.13.3.7533
0.13.3.7534
0.13.3.7535
0.13.3.7539
0.13.3.7545
0.13.3.7551
0.13.3.7552
0.13.3.7554
0.13.3.7557
0.13.3.7558
0.13.3.7562
0.13.3.7571
0.13.3.7574
0.13.3.7577
0.13.3.7582
0.13.3.7599
0.13.3.7600
0.13.3.7603
0.13.3.7635
0.13.3.7637
0.13.3.7640
0.13.3.7646
0.13.3.7649
0.13.3.7650
0.13.3.7657
0.13.3.7663
0.13.3.7665
0.13.3.7675
0.13.3.7680
0.13.3.7685
0.13.3.7686
0.13.3.7690
0.13.3.7696
0.13.3.7702
0.13.3.7715
0.13.3.7721
0.13.3.7727
0.13.3.7730
0.13.3.7737
0.13.3.7741
0.13.3.7743
0.13.3.7752
0.13.3.7761
0.13.3.7763
0.13.3.7772
0.13.3.7776
0.13.3.7778
0.13.3.7789
0.13.3.7792
0.13.3.7794
0.13.3.7797
0.13.3.7802
0.13.3.7805
0.13.3.7808
0.13.3.7810
0.13.3.7812
0.13.3.7813
0.13.3.7816
0.13.3.7819
0.13.3.7825
0.13.3.7828
0.13.3.7835
0.13.3.7842
0.13.3.7846
0.13.3.7848
0.13.3.7849
0.13.3.7850
0.13.3.7851
0.13.3.7852
0.13.3.7861
0.13.3.7867
0.13.3.7873
0.13.3.7883
0.13.3.7897
0.13.3.7901
0.13.3.7906
0.13.3.7913
0.13.3.7918
0.13.4
0.13.4.7969
0.13.4.7974
0.13.4.7976
0.13.4.7985
0.13.4.7998
0.13.4.8001
0.13.4.8014
0.13.4.8018
0.13.4.8028
0.13.4.8036
0.13.4.8043
0.13.4.8051
0.13.4.8055
0.13.4.8085
0.13.4.8091
0.13.4.8104
0.13.4.8112
0.13.4.8115
0.13.4.8118
0.13.4.8123
0.13.4.8129
0.13.4.8131
0.13.4.8140
0.13.4.8144
0.13.4.8149
0.13.4.8160
0.13.4.8163
0.14
0.3
0.4
0.4-dev
0.4.900
0.4.924
0.4.938
0.5
0.6
0.6.1
0.6.2
0.7
0.8
0.9
0.9.1
0.9.2
0.9.3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-9503.json"