Heap Buffer Overflow in LibreOffice Affects DXF Input Handling
CVE-2026-6039

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 15 June 2026

What is CVE-2026-6039?

A vulnerability in LibreOffice allows a heap buffer overflow when importing DXF files, a format used by CAD software. The application mishandles the point count of polylines: the buffer is sized from a truncated 16-bit value, while the actual count exceeds that limit. The application can therefore write beyond the allocated buffer, risking data corruption and application crashes. Fixed versions reject polylines that exceed the permissible point count.
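The mismatch described above, between a buffer sized from a 16-bit truncation and a copy driven by the full count, is shown in the following C example, which is added here and is not LibreOffice code. It computes the shortfall without performing the out-of-bounds write and pairs it with a loader that rejects oversized counts. `Point`, `truncated_capacity`, `overflow_points`, `load_polyline` and the `MAX_POLY_POINTS` limit of 65535 are hypothetical names and assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { double x, y; } Point;       /* hypothetical point record */
#define MAX_POLY_POINTS 0xFFFFu              /* assumed limit: largest 16-bit count */

/* Flawed pattern: capacity comes from a 16-bit truncation of the count. */
static size_t truncated_capacity(uint32_t declared) {
    return (size_t)(uint16_t)declared;       /* 65536 -> 0, 65537 -> 1 */
}

/* Points a copy loop driven by the full count would write past that capacity. */
static size_t overflow_points(uint32_t declared) {
    size_t cap = truncated_capacity(declared);
    return declared > cap ? (size_t)declared - cap : 0;
}

/* Hardened pattern: reject an oversized count before allocating, then use
 * the one validated value for both the allocation and the loop bound. */
static Point *load_polyline(const Point *src, uint32_t declared, size_t *out_n) {
    *out_n = 0;
    if (declared == 0 || declared > MAX_POLY_POINTS)
        return NULL;
    Point *buf = calloc(declared, sizeof *buf);
    if (buf == NULL)
        return NULL;
    for (uint32_t i = 0; i < declared; i++)
        buf[i] = src[i];
    *out_n = declared;
    return buf;
}

int main(void) {
    const uint32_t counts[] = { 4, 65535, 65536, 65537, 70000 }; /* constructed */
    const Point square[4] = { {0, 0}, {1, 0}, {1, 1}, {0, 1} };  /* constructed */
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++)
        printf("declared=%u capacity=%zu overflow=%zu points\n",
               (unsigned)counts[i], truncated_capacity(counts[i]),
               overflow_points(counts[i]));
    size_t n;
    Point *ok = load_polyline(square, 4, &n);        /* accepted */
    Point *bad = load_polyline(square, 70000u, &n);  /* rejected before any write */
    printf("valid=%s oversized=%s\n", ok ? "accepted" : "rejected",
           bad ? "accepted" : "rejected");
    free(ok);
    free(bad);
    return 0;
}
```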

Affected Version(s)

LibreOffice 25.8

LibreOffice 26.2

CVSS V4

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anthropic (automated discovery using Claude)
Trail of Bits (triage and validation)