CVE-2026-8356

Vulnerability

A stack buffer overflow exists in LibreOffice when importing presentations in the legacy binary PPT format. The vulnerability is in the handling of a colour-replacement record. Two fixed-size colour tables are filled from the file, but the write position is not reset between the two passes over the record. Consequently, a file whose combined colour counts exceed the table size writes past the end of the tables on the stack. Affected versions include LibreOffice from 26.2 before 26.2.3 and from 25.8 before 25.8.7 [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious PPT file with a colour-replacement record that specifies a large number of colours across the two passes. The attacker does not require any special network position or authentication; the victim must only open the malicious file in an affected version of LibreOffice. No user interaction beyond opening the file is needed.

Impact

Successful exploitation results in a stack buffer overflow, which can lead to memory corruption. The attacker may achieve arbitrary code execution or cause a denial of service. The exact impact depends on the memory layout and mitigations, but the vulnerability is classified as medium severity.

Mitigation

The vulnerability is fixed in LibreOffice versions 26.2.3 and 25.8.7, released on 2026-06-15 [1]. Users should upgrade to these or later versions. No workaround is available for unpatched versions. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.