QSearchQSearch

CVE-2026-8358

LibreOffice Calc can import tracked changes from a spreadsheet document

Published: 2026-06-15 · Last updated: 2026-06-15

Severity and scoring

CWE
CWE-787, CWE-843

Description

LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-8357 LibreOffice Calc compiles cell formulas when opening a spreadsheet
  • CVE-2026-8356 LibreOffice can import presentations in the legacy binary PPT format
  • CVE-2026-6047 LibreOffice can import documents in the OOXML format (DOCX)
  • CVE-2026-6045 LibreOffice can import EMF+ graphics, which may be embedded in documents
  • CVE-2026-6040 A heap use-after-free existed when importing the blank-width characters of an ODF number format