CVE-2026-6039
Deferred Deferred - Pending Action

Heap Buffer Overflow in LibreOffice DXF Import

Vulnerability report for CVE-2026-6039, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: Document Foundation, The

Description

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose point count exceeded the 16-bit range was written past the end of the buffer. In fixed versions such oversized polylines are rejected.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-15
Last Modified
2026-06-15
Generated
2026-07-06
AI Q&A
2026-06-15
EPSS Evaluated
2026-07-04
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
the_document_foundation libreoffice *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-197 Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in LibreOffice when importing drawings in the DXF format used by CAD software. Specifically, a heap buffer overflow occurs during the import of a DXF polyline. The issue arises because the point count from the file is truncated to a 16-bit value when sizing the point buffer, but the full point count is used to fill the buffer. If the polyline's point count exceeds the 16-bit range, data is written past the end of the allocated buffer, causing a heap buffer overflow. Fixed versions of LibreOffice reject such oversized polylines to prevent this issue.

Impact Analysis

The heap buffer overflow caused by this vulnerability can lead to memory corruption, which may result in application crashes or potentially allow an attacker to execute arbitrary code with the privileges of the user running LibreOffice. This could compromise the security and stability of the system where the vulnerable LibreOffice version is used.

Mitigation Strategies

To mitigate this vulnerability, you should update LibreOffice to a fixed version where oversized DXF polylines are rejected, preventing the heap buffer overflow.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6039. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart