Stack Buffer Overflow in LibreOffice Affecting Presentation Imports
CVE-2026-8356
5.4 MEDIUM
What is CVE-2026-8356?
A stack buffer overflow vulnerability was discovered in LibreOffice's import of presentations in the legacy binary PPT format. When processing a color-replacement record, the importer failed to reset the write position between two passes over fixed-size color tables. If the combined color counts exceeded the size of these tables, writes went beyond their allocated size on the stack. Affected versions of LibreOffice have been updated to eliminate this vulnerability by preventing unnecessary reads into those tables during the import process.
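The following C model is an added illustration of the bug class described above, not LibreOffice code: it counts the writes that would land past a fixed-size table when the write position carries over between two passes, next to a variant that resets it. The names, the table size of 8, the single table and the per-pass count check are all assumptions, and resetting the position is the generic remedy for this pattern, whereas the page states the actual fix removed the unnecessary reads.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 8 /* assumed capacity; the page does not state the real size */

/* Constructed sample color values (not taken from any real PPT file). */
static const uint32_t SAMPLE[16] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};

/* Writes past the table are counted, never performed, so the model runs safely. */
struct result { size_t in_bounds; size_t past_end; };
static void put(uint32_t *table, size_t pos, uint32_t v, struct result *r)
{
    if (pos < TABLE_SIZE) { table[pos] = v; r->in_bounds++; }
    else                  { r->past_end++; }
}

/* Flawed pattern: each count is checked alone, but pos carries into pass two. */
struct result fill_flawed(const uint32_t *src, size_t n1, size_t n2)
{
    uint32_t table[TABLE_SIZE] = {0};
    struct result r = {0, 0};
    size_t pos = 0;
    if (n1 > TABLE_SIZE || n2 > TABLE_SIZE) return r; /* per-pass check only */
    for (size_t i = 0; i < n1; i++) put(table, pos++, src[i], &r);
    /* missing here: pos = 0; */
    for (size_t i = 0; i < n2; i++) put(table, pos++, src[n1 + i], &r);
    return r;
}

/* Hardened pattern: same checks, write position reset before pass two. */
struct result fill_hardened(const uint32_t *src, size_t n1, size_t n2)
{
    uint32_t table[TABLE_SIZE] = {0};
    struct result r = {0, 0};
    size_t pos = 0;
    if (n1 > TABLE_SIZE || n2 > TABLE_SIZE) return r;
    for (size_t i = 0; i < n1; i++) put(table, pos++, src[i], &r);
    pos = 0; /* reset between passes */
    for (size_t i = 0; i < n2; i++) put(table, pos++, src[n1 + i], &r);
    return r;
}

int main(void)
{
    struct result a = fill_flawed(SAMPLE, 6, 6), b = fill_hardened(SAMPLE, 6, 6);
    printf("flawed: %zu past end; hardened: %zu past end\n", a.past_end, b.past_end);
    return 0;
}
```

With two passes of six entries each, both counts pass the per-pass check, yet the flawed variant attempts four writes beyond the eight-slot table.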
Affected Version(s)
LibreOffice 26.2
CVSS V4
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Credit
Anthropic (automated discovery using Claude)
Arthur Chan of Ada Logics (validation and reporting)
