CVE-2026-8357

Summary

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.

Affected Software

VendorProductVersion RangeStatus
The Document FoundationLibreOffice26.2 < < 26.2.4affected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds Write
  • CWE-193: CWE-193 Off-by-one Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation

Additional References

References