CVE-2026-15182: Heap-based Buffer Overflow in GNU LibreDWG
CVE-2026-15182 is a heap-based buffer overflow vulnerability in GNU LibreDWG versions 0.13.0 through 0.13.4. It occurs in the dwg_bmp function of the BMP Image Handler component. The vulnerability requires local access to exploit and has been publicly disclosed. Upgrading to version 0.14 resolves the issue.
AI Analysis
Technical Summary
This vulnerability affects the dwg_bmp function in the src/dwg.c file of GNU LibreDWG up to version 0.13.4. It allows a local attacker to cause a heap-based buffer overflow by manipulating BMP image handling. The issue has been publicly disclosed, and a patch identified by commit 18fd542bb4d5ccedf9de12052bf50068b2b26f06 fixes the problem in version 0.14.
Potential Impact
A local attacker with low privileges can exploit this vulnerability to trigger a heap-based buffer overflow, potentially leading to application crashes or other undefined behavior. The CVSS score of 4.8 indicates a medium severity impact with limited attack vector and privileges required.
Mitigation Recommendations
Upgrade GNU LibreDWG to version 0.14 or later, which contains the official fix for this vulnerability. Applying the patch identified by commit 18fd542bb4d5ccedf9de12052bf50068b2b26f06 resolves the issue. No other mitigations are specified.
CVE-2026-15182: Heap-based Buffer Overflow in GNU LibreDWG
Description
CVE-2026-15182 is a heap-based buffer overflow vulnerability in GNU LibreDWG versions 0.13.0 through 0.13.4. It occurs in the dwg_bmp function of the BMP Image Handler component. The vulnerability requires local access to exploit and has been publicly disclosed. Upgrading to version 0.14 resolves the issue.
CVSS v4.0
Score 4.8medium
Affected software
pkg:github/libredwg/libredwgcpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the dwg_bmp function in the src/dwg.c file of GNU LibreDWG up to version 0.13.4. It allows a local attacker to cause a heap-based buffer overflow by manipulating BMP image handling. The issue has been publicly disclosed, and a patch identified by commit 18fd542bb4d5ccedf9de12052bf50068b2b26f06 fixes the problem in version 0.14.
Potential Impact
A local attacker with low privileges can exploit this vulnerability to trigger a heap-based buffer overflow, potentially leading to application crashes or other undefined behavior. The CVSS score of 4.8 indicates a medium severity impact with limited attack vector and privileges required.
Mitigation Recommendations
Upgrade GNU LibreDWG to version 0.14 or later, which contains the official fix for this vulnerability. Applying the patch identified by commit 18fd542bb4d5ccedf9de12052bf50068b2b26f06 resolves the issue. No other mitigations are specified.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-07-09T04:56:52.789Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4f8a7a68715ace43466783
Added to database: 07/09/2026, 11:48:10 UTC
Last enriched: 07/09/2026, 12:02:36 UTC
Last updated: 07/09/2026, 12:39:57 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.