CVE-2026-9529: NULL Pointer Dereference in GNU LibreDWG
A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach. The exploit has been released to the public and may be used for attacks.
AI Analysis
Technical Summary
This vulnerability in GNU LibreDWG affects versions 0.1 through 0.14 and is caused by a NULL pointer dereference in the match_BLOCK_HEADER function of the Dwggrep utility component. The issue can be triggered by local manipulation, leading to potential denial of service or application crash. The CVSS 4.8 score reflects a medium severity with low attack complexity and no user interaction required. No official fix or patch is currently documented.
Potential Impact
The impact is limited to local users who can trigger a NULL pointer dereference, likely causing a denial of service or crash of the Dwggrep utility. There is no indication of privilege escalation, remote exploitation, or data compromise from the available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to trusted users and avoid running the vulnerable Dwggrep utility with untrusted input. Monitor vendor channels for updates.
CVE-2026-9529: NULL Pointer Dereference in GNU LibreDWG
Description
A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulation results in null pointer dereference. The attack requires a local approach. The exploit has been released to the public and may be used for attacks.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in GNU LibreDWG affects versions 0.1 through 0.14 and is caused by a NULL pointer dereference in the match_BLOCK_HEADER function of the Dwggrep utility component. The issue can be triggered by local manipulation, leading to potential denial of service or application crash. The CVSS 4.8 score reflects a medium severity with low attack complexity and no user interaction required. No official fix or patch is currently documented.
Potential Impact
The impact is limited to local users who can trigger a NULL pointer dereference, likely causing a denial of service or crash of the Dwggrep utility. There is no indication of privilege escalation, remote exploitation, or data compromise from the available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to trusted users and avoid running the vulnerable Dwggrep utility with untrusted input. Monitor vendor channels for updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-05-25T19:38:59.163Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a1527a4a5ae1af1aa42545a
Added to database: 5/26/2026, 4:55:00 AM
Last enriched: 5/26/2026, 5:10:08 AM
Last updated: 5/26/2026, 12:43:47 PM
Views: 18
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.