{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/libredwg/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-9605"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["libredwg"],"_cs_severities":["high"],"_cs_tags":["heap-based buffer overflow","libredwg","cve-2026-9605"],"_cs_type":"advisory","_cs_vendors":["GNU"],"content_html":"\u003cp\u003eGNU libredwg, a library for reading and writing DWG files, is vulnerable to a heap-based buffer overflow (CVE-2026-9605). This vulnerability affects versions up to 0.13.4.8160. The flaw resides within the \u003ccode\u003ebit_read_RC\u003c/code\u003e function in the \u003ccode\u003ebits.c\u003c/code\u003e file of the \u003ccode\u003eDwgbmp Utility\u003c/code\u003e component. Successful exploitation could allow a remote attacker to execute arbitrary code on the targeted system. A patch (8f03865f37f5d4ffd616fef802acc980be54d300) is available to remediate this vulnerability. Public exploits exist, increasing the risk of exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious DWG file containing a specially formatted bitmap (BMP) image.\u003c/li\u003e\n\u003cli\u003eThe victim opens the malicious DWG file using an application that utilizes the vulnerable GNU libredwg library.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eDwgbmp Utility\u003c/code\u003e component of libredwg attempts to process the embedded BMP image.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003ebit_read_RC\u003c/code\u003e function in \u003ccode\u003ebits.c\u003c/code\u003e is called during the processing of the bitmap data.\u003c/li\u003e\n\u003cli\u003eDue to insufficient bounds checking, the \u003ccode\u003ebit_read_RC\u003c/code\u003e function writes data beyond the allocated buffer on the heap.\u003c/li\u003e\n\u003cli\u003eThis heap-based buffer overflow corrupts adjacent memory regions, potentially overwriting critical data structures.\u003c/li\u003e\n\u003cli\u003eThe memory corruption leads to a crash or, with carefully crafted input, allows the attacker to execute arbitrary code.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the application, potentially compromising the entire system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-9605 can lead to arbitrary code execution on the victim\u0026rsquo;s system. This could allow an attacker to install malware, steal sensitive data, or take complete control of the affected machine. The vulnerability affects any application that uses the vulnerable versions of GNU libredwg to process DWG files.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch 8f03865f37f5d4ffd616fef802acc980be54d300 provided by GNU to remediate CVE-2026-9605.\u003c/li\u003e\n\u003cli\u003eMonitor process creation events for applications using libredwg that spawn child processes (see Sigma rule \u0026ldquo;Detect Suspicious libredwg Process Creation\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect DWG File Processing with Unusual Arguments\u0026rdquo; to identify potential exploitation attempts through suspicious command-line arguments when processing DWG files.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-27T00:17:27Z","date_published":"2026-05-27T00:17:27Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-9605-libredwg-overflow/","summary":"A heap-based buffer overflow vulnerability (CVE-2026-9605) exists in GNU libredwg up to version 0.13.4.8160 within the bit_read_RC function of the Dwgbmp Utility, potentially allowing a remote attacker to execute arbitrary code.","title":"CVE-2026-9605 Heap-Based Buffer Overflow in GNU libredwg","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-9605-libredwg-overflow/"}],"language":"en","title":"CraftedSignal Threat Feed — Libredwg","version":"https://jsonfeed.org/version/1.1"}