QSearchQSearch

CVE-2026-6045

LibreOffice can import EMF+ graphics, which may be embedded in documents

Published: 2026-06-15 · Last updated: 2026-06-15

Severity and scoring

CWE
CWE-190, CWE-787

Description

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small buffer was allocated and then filled as if it were large, writing past its end. In fixed versions the blend-point count is checked against the data actually available before allocating.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-53705 A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good (7.6 HIGH)
  • CVE-2026-52722 A signed integer overflow vulnerability was found in GStreamer's VMnc decoder (7.1 HIGH)
  • CVE-2025-55647 An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of ... (5.5 MEDIUM)
  • CVE-2026-8358 LibreOffice Calc can import tracked changes from a spreadsheet document
  • CVE-2026-8357 LibreOffice Calc compiles cell formulas when opening a spreadsheet