CVE Catalog

CVE-2026-8356

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

LibreOffice has a stack buffer overflow when importing presentations in the legacy PPT format. This occurs during the import of a colour-replacement record when the combined colour counts exceed the size of the colour tables.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code, potentially taking control of the user's system. Organizations should be aware of the risks associated with opening malicious PPT files.

Recommendation

It is recommended to update LibreOffice to the latest version to mitigate this vulnerability. Additionally, avoid opening PPT files from untrusted sources.

Original NVD description (English source)

LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS