Home

Description

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.

PUBLISHED Reserved 2026-03-19 | Published 2026-05-07 | Updated 2026-05-07 | Assigner Document Fdn.




MEDIUM: 5.4CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-787 Out-of-bounds write

Product status

Default status
unaffected

26.2 (26 series) before 26.2.3
affected

25.8 (25 series) before 25.8.7
affected

Credits

Duc Anh Nguyen (@Danzation) finder

Caolán McNamara <caolan.mcnamara@collabora.com> remediation developer

References

www.libreoffice.org/...-us/security/advisories/cve-2026-4430

cve.org (CVE-2026-4430)

nvd.nist.gov (CVE-2026-4430)

Download JSON