CVE-2026-8357 | THREATINT

Description

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.

PUBLISHED Reserved 2026-05-11 | Published 2026-06-15 | Updated 2026-06-15 | Assigner Document Fdn.

MEDIUM: 5.4CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P

Problem types

CWE-787 Out-of-bounds Write

CWE-193 Off-by-one Error

Product status

Default status

unknown

26.2 (26.2 series) before < 26.2.4

affected

Credits

Anthropic (automated discovery using Claude) finder

Arthur Chan of Ada Logics (validation and reporting) analyst

References

www.libreoffice.org/...-us/security/advisories/cve-2026-8357

cve.org (CVE-2026-8357)

nvd.nist.gov (CVE-2026-8357)

Download JSON