CVE-2026-6039
Deferred Deferred - Pending Action
Heap Buffer Overflow in LibreOffice DXF Import

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: Document Foundation, The

Description
LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose point count exceeded the 16-bit range was written past the end of the buffer. In fixed versions such oversized polylines are rejected.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-15
Last Modified
2026-06-15
Generated
2026-06-16
AI Q&A
2026-06-15
EPSS Evaluated
N/A
NVD
CVE-2026-6039
EUVD
EUVD-2026-36734
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
the_document_foundation libreoffice *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-197 Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, you should update LibreOffice to a fixed version where oversized DXF polylines are rejected, preventing the heap buffer overflow.

Executive Summary

This vulnerability exists in LibreOffice when importing drawings in the DXF format used by CAD software. Specifically, a heap buffer overflow occurs during the import of a DXF polyline. The issue arises because the point count from the file is truncated to a 16-bit value when sizing the point buffer, but the full point count is used to fill the buffer. If the polyline's point count exceeds the 16-bit range, data is written past the end of the allocated buffer, causing a heap buffer overflow. Fixed versions of LibreOffice reject such oversized polylines to prevent this issue.

Impact Analysis

The heap buffer overflow caused by this vulnerability can lead to memory corruption, which may result in application crashes or potentially allow an attacker to execute arbitrary code with the privileges of the user running LibreOffice. This could compromise the security and stability of the system where the vulnerable LibreOffice version is used.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6039. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart