← All CVEs

CVE-2026-8357

MEDIUM 5.4

Published 2026-06-15 · Last modified 2026-06-30

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.

NO EXPLOITATION SIGNALS

No known exploitation, public exploit, or elevated probability at this time. Track for changes.

Exploitation likelihood

0.1%chance of exploitation in 30 days · 4th percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

5.4CVSS 4.0 · MEDIUM

  • ConfidentialityLow
  • IntegrityLow
  • AvailabilityHigh

What an attacker needs

  • Access: Requires local access to the host
  • Privileges: No account or privileges required
  • User interaction: Succeeds with passive user activity
  • Complexity: No special conditions — reliably repeatable
  • Requirements: No special attack requirements

✓ lowers the bar for an attacker · ⚠ raises it

Affected

Vendors The Document Foundation Red Hat

Products Libreoffice Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9

Weakness (CWE)

  • CWE-787: Out-of-bounds write
  • CWE-193
  • CWE-131

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P

Sources: NVD · CVE.org · EPSS