CVE-2026-9503: NULL Pointer Dereference in GNU LibreDWG
CVE-2026-9503 is a medium-severity vulnerability in GNU LibreDWG up to version 0. 14. It involves a NULL pointer dereference in the dwg_next_entity function within the DWG File Handler component. The flaw requires local access to be exploited and does not require user interaction. A patch has been identified but no official remediation level or advisory details are provided. Users are advised to upgrade the affected component to address this issue.
AI Analysis
Technical Summary
This vulnerability affects GNU LibreDWG versions 0.1 through 0.14 in the dwg_next_entity function of src/decode.c. The issue is a NULL pointer dereference that can be triggered by local attackers, potentially causing a denial of service or application crash. The vulnerability has a CVSS 4.8 score, indicating medium severity, with attack vector local and low complexity. A patch commit (8f03865f37f5d4ffd616fef802acc980be54d300) has been identified, but no official vendor advisory or remediation level is provided in the data.
Potential Impact
Successful exploitation results in a NULL pointer dereference, likely causing application crashes or denial of service. The attack requires local access and does not involve user interaction or elevated privileges. There is no indication of remote exploitation or data compromise from the provided information.
Mitigation Recommendations
A patch has been identified for this vulnerability (commit 8f03865f37f5d4ffd616fef802acc980be54d300). Users should upgrade GNU LibreDWG to a version including this fix. Patch status is not yet confirmed by an official vendor advisory, so users should verify the availability and applicability of the patch from the official GNU LibreDWG sources before deployment.
CVE-2026-9503: NULL Pointer Dereference in GNU LibreDWG
Description
CVE-2026-9503 is a medium-severity vulnerability in GNU LibreDWG up to version 0. 14. It involves a NULL pointer dereference in the dwg_next_entity function within the DWG File Handler component. The flaw requires local access to be exploited and does not require user interaction. A patch has been identified but no official remediation level or advisory details are provided. Users are advised to upgrade the affected component to address this issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects GNU LibreDWG versions 0.1 through 0.14 in the dwg_next_entity function of src/decode.c. The issue is a NULL pointer dereference that can be triggered by local attackers, potentially causing a denial of service or application crash. The vulnerability has a CVSS 4.8 score, indicating medium severity, with attack vector local and low complexity. A patch commit (8f03865f37f5d4ffd616fef802acc980be54d300) has been identified, but no official vendor advisory or remediation level is provided in the data.
Potential Impact
Successful exploitation results in a NULL pointer dereference, likely causing application crashes or denial of service. The attack requires local access and does not involve user interaction or elevated privileges. There is no indication of remote exploitation or data compromise from the provided information.
Mitigation Recommendations
A patch has been identified for this vulnerability (commit 8f03865f37f5d4ffd616fef802acc980be54d300). Users should upgrade GNU LibreDWG to a version including this fix. Patch status is not yet confirmed by an official vendor advisory, so users should verify the availability and applicability of the patch from the official GNU LibreDWG sources before deployment.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-25T10:04:25.840Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a154dfd5a0512ce3e9d9c01
Added to database: 5/26/2026, 7:38:37 AM
Last enriched: 5/26/2026, 7:38:59 AM
Last updated: 5/26/2026, 7:47:23 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.