Libredwg

This hub aggregates every CVE we track for Libredwg, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

OSS Libraries

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH61MEDIUM25LOW5CRITICAL5

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Libredwg.

CVE-2026-9605GNU libredwg Dwgbmp Utility bits.c bit_read_RC heap-based overflow7.3May 26, 2026
CVE-2026-9530GNU LibreDWG Dwgbmp Utility decode.c read_2004_compressed_section out-of-bounds3.3May 26, 2026
CVE-2026-9529GNU LibreDWG Dwggrep Utility dwggrep.c match_BLOCK_HEADER null pointer dereference3.3May 26, 2026
CVE-2026-9504GNU LibreDWG Dwggrep Utility dwggrep.c bit_convert_TU out-of-bounds3.3May 25, 2026
CVE-2026-9503GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference3.3May 25, 2026
CVE-2026-9502GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section heap-based overflow5.3May 25, 2026
CVE-2026-9501GNU LibreDWG Dwgread Utility decode.c decompress_R2004_section assertion3.3May 25, 2026
CVE-2026-9500GNU LibreDWG Dwgread Utility decode.c read_2004_compressed_section heap-based overflow5.3May 25, 2026
CVE-2025-61154Heap buffer overflow vulnerability in LibreDWG versions v0.13.3.7571 up to v0.13.3.7835 allows a crafted DWG file to cause a Denial of Service (DoS) via the function decompress_R2004_section at dec...6.5Mar 12, 2026
CVE-2023-26157Versions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.5.5Jan 2, 2024
CVE-2023-36274LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.8.8Jun 23, 2023
CVE-2023-36273LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.8.8Jun 23, 2023
CVE-2023-36272LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.8.8Jun 23, 2023
CVE-2023-36271LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.8.8Jun 23, 2023
CVE-2023-25222A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12.5 via the bit_read_RC function at bits.c.8.8Mar 1, 2023

Product normalization is registry-driven with AI assist and human review. How it works