CVE-2026-8357
MEDIUM 5.4LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.
No known exploitation, public exploit, or elevated probability at this time. Track for changes.
Exploitation likelihood
0.1%chance of exploitation in 30 days · 4th percentile
Impact if exploited
5.4CVSS 4.0 · MEDIUM
- ConfidentialityLow
- IntegrityLow
- AvailabilityHigh
What an attacker needs
- ⚠Access: Requires local access to the host
- ✓Privileges: No account or privileges required
- ⚠User interaction: Succeeds with passive user activity
- ✓Complexity: No special conditions — reliably repeatable
- ✓Requirements: No special attack requirements
✓ lowers the bar for an attacker · ⚠ raises it
Affected
Vendors The Document Foundation Red Hat
Products Libreoffice Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
Weakness (CWE)
- CWE-787: Out-of-bounds write
- CWE-193
- CWE-131
CVSS vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P