CVE-2026-8357

Vulnerability

LibreOffice Calc performs compilation of cell formulas when opening a spreadsheet. A heap buffer overflow exists in the formula compiler when processing a very long formula composed of many opening tokens (e.g., nested parentheses). The array that tracks nesting depth is allocated one element too small for this worst-case scenario, causing a write one element past its end. Affected versions are LibreOffice from 26.2 before 26.2.3 and from 25.8 before 25.8.7 [1].

Exploitation

An attacker can craft a malicious spreadsheet containing such a formula and deliver it to a target, typically via email or download. No special network position or authentication is required; user interaction is limited to opening the file. The overflow occurs during the formula compilation stage, before any formula execution.

Impact

Successful exploitation results in an out-of-bounds write on the heap. This memory corruption can be leveraged to achieve arbitrary code execution in the context of the user opening the document, leading to full compromise of the victim's system and potential data loss or theft.

Mitigation

The vulnerability is addressed in LibreOffice versions 26.2.3 and 25.8.7, released on or around May 06, 2026 [1]. Users are strongly advised to upgrade to these or later versions. No workaround is available; updating is the only recommended mitigation.