Heap Buffer Overflow in LibreOffice Related to EMF+ Graphics
CVE-2026-6045

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 15 June 2026

What is CVE-2026-6045?

LibreOffice has a vulnerability in its import of EMF+ graphics, specifically in the handling of gradient brushes. When a document contains an EMF+ graphic, the importer reads the number of gradient blend points and uses it to calculate how much memory to allocate. If that computation overflows, the resulting buffer can be too small, and the data subsequently written to it runs past its end, producing a heap buffer overflow. Updated versions of LibreOffice check that the blend-point count is consistent with the data actually available before allocating memory, which mitigates the issue.
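
The bug class described above, as an added C sketch (not LibreOffice's code): `naive_alloc_size` shows a 32-bit size computation wrapping, and `read_blend_points` applies the kind of count-versus-available-data check the fix describes. The record layout (a 32-bit little-endian count followed by 8 bytes per blend point), the function names and the sample bytes are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed for this sketch: each blend point occupies 8 bytes in the record. */
#define BYTES_PER_POINT 8u

/* Size computed in 32-bit arithmetic: wraps for large counts,
   e.g. 0x20000001 * 8 = 0x100000008, which truncates to 8. */
static uint32_t naive_alloc_size(uint32_t count) {
    return count * BYTES_PER_POINT;
}

/* Hardened read: accept the count only if the record really holds that
   many points. Returns 0 and a malloc'd copy on success, -1 otherwise. */
static int read_blend_points(const uint8_t *data, size_t remaining,
                             uint8_t **out, uint32_t *out_count) {
    if (remaining < 4) return -1;                /* no room for the count */
    uint32_t count = (uint32_t)data[0] | (uint32_t)data[1] << 8 |
                     (uint32_t)data[2] << 16 | (uint32_t)data[3] << 24;
    data += 4;
    remaining -= 4;
    /* Compare by division so the check itself cannot overflow. */
    if (count == 0 || count > remaining / BYTES_PER_POINT) return -1;
    size_t bytes = (size_t)count * BYTES_PER_POINT;  /* now <= remaining */
    uint8_t *buf = malloc(bytes);
    if (buf == NULL) return -1;
    memcpy(buf, data, bytes);
    *out = buf;
    *out_count = count;
    return 0;
}

int main(void) {
    /* Constructed record: count = 2, followed by 16 bytes of point data. */
    const uint8_t rec[] = {2,0,0,0, 0,0,0,0, 0,0,128,63, 0,0,0,0, 0,0,128,63};
    uint8_t *pts = NULL;
    uint32_t n = 0;
    printf("naive size for 0x20000001 points: %u bytes\n",
           (unsigned)naive_alloc_size(0x20000001u));
    if (read_blend_points(rec, sizeof rec, &pts, &n) == 0) {
        printf("accepted %u points\n", (unsigned)n);
        free(pts);
    }
    return 0;
}
```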

Affected Version(s)

LibreOffice 25.8

LibreOffice 26.2

References

CVSS V4

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anthropic (automated discovery using Claude)
Trail of Bits (triage and validation)