Heap Buffer Overflow Vulnerability in LibreOffice Calc by The Document Foundation
CVE-2026-8358

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 15 June 2026

What is CVE-2026-8358?

A vulnerability has been discovered in LibreOffice Calc that may lead to a heap buffer overflow when importing tracked changes from spreadsheet documents. This issue arises when a document reuses the same change identifier for different types of changes, causing the importer to incorrectly handle the change object as a larger type. This misinterpretation can lead to writing data beyond the allocated memory, potentially exposing the application to exploitation. The fixed versions now reject records with duplicate identifiers, enhancing the security of document handling.
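
The fix described above, modelled as an added example (this is not LibreOffice source code): a change table that refuses a second record carrying an identifier it already holds. The type names, the `Record` layout and the functions `add` and `importAll` are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical model, not LibreOffice source: two change kinds of different size.
enum class Kind { Content, Move };
struct Change {
    Kind kind;
    explicit Change(Kind k) : kind(k) {}
    virtual ~Change() = default;
};
struct ContentChange : Change { ContentChange() : Change(Kind::Content) {} };
struct MoveChange : Change {  // larger object: carries extra fields
    std::int32_t fromRow = 0, toRow = 0;
    MoveChange() : Change(Kind::Move) {}
};
// Constructed record shape standing in for one parsed tracked-change entry.
struct Record { std::uint32_t id; Kind kind; std::int32_t from, to; };

class ChangeTable {
    std::map<std::uint32_t, std::unique_ptr<Change>> byId_;
public:
    // An id names exactly one object of one kind. A second record with the same
    // id is refused, so no code path can treat the stored object as another type.
    bool add(const Record& r) {
        if (byId_.count(r.id) != 0) return false;  // duplicate id: reject
        if (r.kind == Kind::Move) {
            auto m = std::make_unique<MoveChange>();
            m->fromRow = r.from;
            m->toRow = r.to;
            byId_.emplace(r.id, std::move(m));
        } else {
            byId_.emplace(r.id, std::make_unique<ContentChange>());
        }
        return true;
    }
    Kind kindOf(std::uint32_t id) const { return byId_.at(id)->kind; }
    std::size_t size() const { return byId_.size(); }
};

// Imports a whole change list and returns how many records were rejected.
std::size_t importAll(ChangeTable& table, const std::vector<Record>& records) {
    std::size_t rejected = 0;
    for (const auto& r : records) if (!table.add(r)) ++rejected;
    return rejected;
}
```

In this model the smaller object stored under the first use of an identifier keeps its original kind, and the later record that claims the same identifier for the larger kind is counted as rejected instead of being written into it.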

Affected Version(s)

LibreOffice 26.2

References

CVSS V4

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anthropic (automated discovery using Claude)
Arthur Chan of Ada Logics (validation and reporting)