CVE-2026-8358

Vulnerability

A heap buffer overflow exists in LibreOffice Calc when importing tracked changes from a spreadsheet document. If a document reuses the same change identifier for two different kinds of change, the importer treats one change object as a different, larger type and writes past the end of its allocation [1]. Vulnerable versions include LibreOffice prior to 26.2.3 and prior to 25.8.7.

Exploitation

An attacker can craft a malicious OOXML document containing duplicate change identifiers. The attacker must deliver the document to a victim who opens it in an affected version of LibreOffice Calc. No special privileges or user interaction beyond opening the document are required.

Impact

Successful exploitation of the heap buffer overflow could allow an attacker to corrupt adjacent memory, potentially leading to arbitrary code execution or sensitive information disclosure. The vulnerability affects the integrity, confidentiality, and availability of the system.

Mitigation

The vulnerability is fixed in LibreOffice version 26.2.3 and 25.8.7 [1]. Users should upgrade to these or later versions. There is no workaround for unpatched versions.