CVE-2026-8357
Published 2026-06-15
Priority: P339, high, 7.8 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.14% (3.7th percentile)
LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| libreoffice | libreoffice | — | — |
| the_document_foundation | libreoffice | >= 26.2, < 26.2.4 | < 26.2.4 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 5.4 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 5.4 | MEDIUM | — |
GHSA
LibreOffice Calc compiles cell formulas when opening a spreadsheet.
ghsa_unreviewed·2026-06-15
CVE-2026-8357 [MEDIUM] CWE-193 LibreOffice Calc compiles cell formulas when opening a spreadsheet.
VulDB
LibreOffice up to 26.2.3 out-of-bounds write
vuldb·2026-06-15·CVSS 5.4
CVE-2026-8357 [MEDIUM] LibreOffice up to 26.2.3 out-of-bounds write
A vulnerability labeled as critical has been found in LibreOffice up to 26.2.3. This impacts an unknown function. Such manipulation leads to out-of-bounds write.
This vulnerability is referenced as CVE-2026-8357. It is possible to launch the attack remotely. No exploit is available.
The affected component should be upgraded.
Red Hat
libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation
vendor_redhat·2026-06-15·CVSS 5.4
CVE-2026-8357 [MEDIUM] CWE-131 libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation
A vulnerability has been identified in LibreOffice Calc. An application crash may occur if a user opens a malicious spreadsheet that contains excessively long formulas. Successful exploitation of this vulnerability could result in a denial of service or potentially lead to arbitrary code execution.
Statement
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-8357 libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation [fedora-all]
bugzilla·2026-06-18·CVSS 5.4
CVE-2026-8357 [MEDIUM] CVE-2026-8357 libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-8357 libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation
bugzilla·2026-06-15·CVSS 5.4
CVE-2026-8357 [MEDIUM] CVE-2026-8357 libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation