CVE-2026-8358
Published 2026-06-15
Priority P4 · 23 · medium · 5.4 · CVSS 4.0
EPSS: 0.17% (6.8th percentile)
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions, records with a duplicate identifier are rejected.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| libreoffice | libreoffice | — | — |
| the_document_foundation | libreoffice | >= 25.8, < 25.8.7 | 25.8.7 |
| the_document_foundation | libreoffice | >= 26.2, < 26.2.4 | 26.2.4 |
CVSS provenance
nvd · v4.0 · 5.4 · MEDIUM · CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_redhat · 5.4 · MEDIUM
GHSA
LibreOffice Calc can import tracked changes from a spreadsheet document.
ghsa_unreviewed·2026-06-15
CVE-2026-8358 [MEDIUM] CWE-787 LibreOffice Calc can import tracked changes from a spreadsheet document.
VulDB
LibreOffice up to 26.2.3 type confusion
vuldb·2026-06-15·CVSS 5.4
CVE-2026-8358 [MEDIUM] LibreOffice up to 26.2.3 type confusion
A vulnerability marked as critical has been reported in LibreOffice up to 26.2.3. Affected is an unknown function. Performing a manipulation results in type confusion.
This vulnerability is identified as CVE-2026-8358. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
Red Hat
LibreOffice: LibreOffice Calc: Heap buffer overflow leads to denial of service via crafted spreadsheet document.
vendor_redhat·2026-06-15·CVSS 5.4
CVE-2026-8358 [MEDIUM] CWE-787 LibreOffice: LibreOffice Calc: Heap buffer overflow leads to denial of service via crafted spreadsheet document.
A heap-based buffer overflow vulnerability was discovered in LibreOffice Calc's spreadsheet importer. When processing tracked changes from a spreadsheet document, the application fails to properly handle duplicate change identifiers. By reusing the same change identifier for two distinct types of change objects,
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-8358 libreoffice: LibreOffice Calc: Heap buffer overflow leads to denial of service via crafted spreadsheet document. [fedora-all]
bugzilla·2026-06-22·CVSS 5.4
CVE-2026-8358 [MEDIUM] CVE-2026-8358 libreoffice: LibreOffice Calc: Heap buffer overflow leads to denial of service via crafted spreadsheet document. [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-8358 LibreOffice: LibreOffice Calc: Heap buffer overflow leads to denial of service via crafted spreadsheet document.
bugzilla·2026-06-15·CVSS 5.4
CVE-2026-8358 [MEDIUM] CVE-2026-8358 LibreOffice: LibreOffice Calc: Heap buffer overflow leads to denial of service via crafted spreadsheet document.
Published: 2026-06-15