OSV-2026-892

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2026-892.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-892
Published
2026-06-09T00:07:59.081654Z
Modified
2026-06-10T14:44:34.266794Z
Summary
Heap-buffer-overflow in decode_R13_RNUMBER
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=521044421

Crash type: Heap-buffer-overflow READ 8
Crash state:
decode_R13_RNUMBER
dwg_decode
llvmfuzz.c
References

Affected packages

OSS-Fuzz / libredwg

Package

Name
libredwg
Purl
pkg:generic/libredwg

Affected ranges

Type
GIT
Repo
https://github.com/LibreDWG/libredwg
Events
Introduced
c89f635505028a11fadb9a0904d2c3bd44f1b23a
Fixed
360ed38a2c4f948689e5f9851a744016928becdc
Fixed
0156c780ac6b109d191975041def0a258b0b75fc

Affected versions

0.*
0.13.4.8237
0.13.4.8241
0.13.4.8246

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific

source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libredwg/OSV-2026-892.yaml"
introduced_range 
"69d7addfaa05ffd3b9a49986f361917e23780083:57e4fd0969532e585b966d15cbbf60ca6e868b32"
fixed_range 
"08c034a224a4e9512b1cd62e74b5cf081a4cfa89:360ed38a2c4f948689e5f9851a744016928becdc"