A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bitreadRC of the file bits.c of the component Dwgbmp Utility. This manipulation causes heap-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. Patch name: 8f03865f37f5d4ffd616fef802acc980be54d300. Applying a patch is the recommended action to fix this issue.
{
"cna_assigner": "VulDB",
"cwe_ids": [
"CWE-119",
"CWE-122"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/9xxx/CVE-2026-9605.json"
}