CVE-2026-8357
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk4th percentile - higher than 4% of all known CVEs
Summary
A heap buffer overflow vulnerability in LibreOffice Calc occurs when compiling a very long formula with many opening tokens. The array tracking nesting depth is allocated one element too small, causing a write past its end.
Risk Assessment
An attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service, compromising data confidentiality and integrity in the organization.
Recommendation
Immediately update LibreOffice to a version where the nesting tracking array allocation is fixed to prevent buffer overflow.
Original NVD description (English source)
LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.

