QSearchQSearch

CVE-2026-6047

LibreOffice can import documents in the OOXML format (DOCX)

Published: 2026-06-15 · Last updated: 2026-06-15

Severity and scoring

CWE
CWE-787, CWE-843

Description

LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed past the end of the allocation. In fixed versions the type is checked before the write.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-8358 LibreOffice Calc can import tracked changes from a spreadsheet document
  • CVE-2026-8357 LibreOffice Calc compiles cell formulas when opening a spreadsheet
  • CVE-2026-8356 LibreOffice can import presentations in the legacy binary PPT format
  • CVE-2026-6045 LibreOffice can import EMF+ graphics, which may be embedded in documents
  • CVE-2026-6040 A heap use-after-free existed when importing the blank-width characters of an ODF number format