Heap Buffer Overflow in LibreOffice Calc Affects Spreadsheet Functionality
CVE-2026-8357

5.4MEDIUM

Key Information:

Vendor: The Document Foundation
Status: Libreoffice
Vendor: CVE Published:; 15 June 2026

🔔 Create The Document Foundation Vulnerability Alert

What is CVE-2026-8357?

A vulnerability exists in LibreOffice Calc that can lead to a heap buffer overflow when opening spreadsheets with excessively long formulas. This occurs due to an insufficiently sized array that tracks the nesting depth of formulas. When the depth exceeds the allocated size, it can write beyond allocated memory, potentially leading to code execution or crashes. Updated versions have corrected this issue by resizing the array to securely accommodate the maximum nesting depth of formulas, thereby mitigating the risk.

Affected Version(s)

LibreOffice 26.2

References

https://www.libreoffice.org/about-us/security/advisories/...

CVSS V4

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
May 11, 2026

Credit

Anthropic (automated discovery using Claude)

Arthur Chan of Ada Logics (validation and reporting)

CVE-2026-8357 Data

JSON