CVE-2026-6045
Published 2026-06-15
Priority: P4 · 25 · medium · 5.4 · CVSS 4.0
EPSS: 0.12% (2.1th percentile)
LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small buffer was allocated and then filled as if it were large, writing past its end. In fixed versions the blend-point count is checked against the data actually available before allocating.
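The count-versus-available-data check described above, as an added example (not LibreOffice's code): the record layout, `kEntrySize`, and all function names are assumptions made for illustration, and the sample records are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Assumed, simplified record layout (constructed for illustration, not
// LibreOffice's parser): little-endian uint32 blend-point count, followed by
// `count` entries of 8 bytes each (4-byte position + 4-byte colour).
constexpr std::size_t kEntrySize = 8;

struct BlendPoint { std::uint32_t position_bits; std::uint32_t argb; };

static std::uint32_t read_u32le(const std::uint8_t* p) {
    return std::uint32_t(p[0]) | (std::uint32_t(p[1]) << 8) |
           (std::uint32_t(p[2]) << 16) | (std::uint32_t(p[3]) << 24);
}

// The flawed pattern: a 32-bit multiplication that silently wraps, so a huge
// count yields a tiny allocation size.
std::uint32_t wrapped_alloc_size(std::uint32_t count) {
    return count * static_cast<std::uint32_t>(kEntrySize);
}

// Hardened pattern: accept the count only if the record really holds that
// many entries. Dividing the remaining length cannot overflow.
bool parse_blend_points(const std::vector<std::uint8_t>& rec,
                        std::vector<BlendPoint>& out) {
    out.clear();
    if (rec.size() < 4) return false;
    const std::uint32_t count = read_u32le(rec.data());
    if (count > (rec.size() - 4) / kEntrySize) return false;
    out.reserve(count);
    for (std::uint32_t i = 0; i < count; ++i) {
        const std::uint8_t* e = rec.data() + 4 + std::size_t(i) * kEntrySize;
        out.push_back(BlendPoint{read_u32le(e), read_u32le(e + 4)});
    }
    return true;
}

// Constructed sample: header claims `claimed` entries, body holds `present`.
std::vector<std::uint8_t> make_record(std::uint32_t claimed, std::size_t present) {
    std::vector<std::uint8_t> rec(4 + present * kEntrySize, 0x11);
    for (int i = 0; i < 4; ++i) rec[i] = std::uint8_t(claimed >> (8 * i));
    return rec;
}

int main() {
    std::vector<BlendPoint> pts;
    return parse_blend_points(make_record(0x20000001u, 1), pts) ? 1 : 0;
}
```

Comparing the count against `remaining / entry_size` rather than multiplying first is what keeps the check itself free of overflow.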
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| libreoffice | libreoffice | — | — |
| the_document_foundation | libreoffice | >= 25.8, < 25.8.7 | 25.8.7 |
| the_document_foundation | libreoffice | >= 26.2, < 26.2.3 | 26.2.3 |
CVSS provenance
nvd · v4.0 · 5.4 MEDIUM · CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat · 5.4 MEDIUM
Red Hat
libreoffice: LibreOffice: Heap buffer overflow via crafted EMF+ graphics import
vendor_redhat·2026-06-15·CVSS 5.4
CVE-2026-6045 [MEDIUM] CWE-190 libreoffice: LibreOffice: Heap buffer overflow via crafted EMF+ graphics import
A flaw was found in LibreOffice. A heap buffer overflow exists when importing EMF+ graphics, which may be embedded in documents. An attacker could exploit this by convincing a user to open a specially crafted document. This could lead to
GHSA
LibreOffice can import EMF+ graphics, which may be embedded in documents.
ghsa_unreviewed·2026-06-15
CVE-2026-6045 [MEDIUM] CWE-190 LibreOffice can import EMF+ graphics, which may be embedded in documents.
VulDB
LibreOffice up to 25.8.6/26.2.2 out-of-bounds write
vuldb·2026-06-15·CVSS 5.4
CVE-2026-6045 [MEDIUM] LibreOffice up to 25.8.6/26.2.2 out-of-bounds write
A vulnerability was found in LibreOffice up to 25.8.6/26.2.2. It has been rated as critical. The affected element is an unknown function. The manipulation leads to out-of-bounds write.
This vulnerability is uniquely identified as CVE-2026-6045. The attack can be carried out remotely. No exploit exists.
Upgrading the affected component is advised.
No detection rules found.
No public exploits indexed.
2026-06-15
Published