Heap Use-After-Free Vulnerability in LibreOffice ODF Number Format
CVE-2026-6040

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 15 June 2026

What is CVE-2026-6040?

This vulnerability is a heap use-after-free that occurs while importing blank-width characters from an ODF number format. The flaw is missing bounds-checking of a position value read from the document: a malformed number format can supply a position that lies outside the format-code string, so the import code operates on memory beyond the intended string. The resulting memory corruption can affect the stability and security of the application. Fixed versions add the necessary position checks to prevent this.
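The defect described above is a document-controlled position used as an index into the format-code string without first checking it against the string's length. The following C++ snippet is an added illustration of that check and is not LibreOffice's code: the `BlankWidthEntry` struct, `positionsAreInRange` and `applyBlankWidths` are hypothetical names, and the model (each entry gives a position where a `_x` blank-width placeholder is inserted into the format code) is a simplification of the real import. The point it shows is that any position taken from the document is validated against `code.size()` before it is used, and a document that fails the check is rejected rather than processed.

```cpp
#include <algorithm>
#include <cstddef>
#include <optional>
#include <string>
#include <vector>

// Hypothetical model (not LibreOffice's code): one blank-width entry parsed from
// the document names the position in the format-code string where a "_x"
// placeholder (a blank as wide as character x) should be inserted.
struct BlankWidthEntry {
    std::size_t position;  // untrusted: read straight from the ODF document
    char widthChar;        // the character whose width the blank should take
};

// Valid insertion points for a string of length n are 0..n inclusive. Every
// position is checked against that range before any memory is addressed through
// it; an out-of-range value means the document is malformed.
bool positionsAreInRange(const std::string& code,
                         const std::vector<BlankWidthEntry>& entries) {
    for (const auto& e : entries) {
        if (e.position > code.size()) {
            return false;
        }
    }
    return true;
}

// Applies the entries to the format code, returning std::nullopt (instead of
// touching memory beyond the string) when any position fails the check.
// Entries are applied from the highest position to the lowest so that an
// insertion never shifts a position that has not been processed yet.
std::optional<std::string> applyBlankWidths(std::string code,
                                            std::vector<BlankWidthEntry> entries) {
    if (!positionsAreInRange(code, entries)) {
        return std::nullopt;
    }
    std::sort(entries.begin(), entries.end(),
              [](const BlankWidthEntry& a, const BlankWidthEntry& b) {
                  return a.position > b.position;
              });
    for (const auto& e : entries) {
        // std::string::insert only runs after the explicit range check above,
        // so the index can never point past the end of the string.
        code.insert(e.position, std::string{'_', e.widthChar});
    }
    return code;
}
```

The unchecked pattern this replaces is an index or pointer formed from the document's position value and dereferenced directly; the check is cheap, and rejecting the whole format on a bad position is preferable to clamping, because a clamped value silently changes the meaning of the document.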

Affected Version(s)

LibreOffice 25.8

LibreOffice 26.2

References

CVSS V4

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anthropic (automated discovery using Claude)
Trail of Bits (triage and validation)