CVE Catalog

CVE-2026-8358

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

LibreOffice Calc had a heap buffer overflow vulnerability when a document reused the same change identifier for two different kinds of changes. This led to writing past the end of its allocation.

Risk Assessment

An attacker could exploit this vulnerability to inject malicious code or destabilize the application, potentially leading to data loss or security breaches.

Recommendation

It is recommended to update LibreOffice to the latest version, which includes fixes that reject records with duplicate identifiers.

Original NVD description (English source)

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS