QSearchQSearch

CVE-2026-6040

A heap use-after-free existed when importing the blank-width characters of an ODF number format

Published: 2026-06-15 · Last updated: 2026-06-15

Severity and scoring

CWE
CWE-416, CWE-787

Description

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2025-55650 A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Deni... (5.5 MEDIUM)
  • CVE-2025-55644 A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Deni... (5.5 MEDIUM)
  • CVE-2026-8358 LibreOffice Calc can import tracked changes from a spreadsheet document
  • CVE-2026-8357 LibreOffice Calc compiles cell formulas when opening a spreadsheet
  • CVE-2026-8356 LibreOffice can import presentations in the legacy binary PPT format