CVE-2026-8356
Deferred Deferred - Pending Action
Stack Buffer Overflow in LibreOffice Importer

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: Document Foundation, The

Description
LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-15
Last Modified
2026-06-15
Generated
2026-06-16
AI Q&A
2026-06-15
EPSS Evaluated
N/A
NVD
CVE-2026-8356
EUVD
EUVD-2026-36738
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
the_document_foundation libreoffice *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in LibreOffice when importing presentations in the legacy binary PPT format. Specifically, a stack buffer overflow occurs during the import of a colour-replacement record. The issue arises because two fixed-size colour tables are filled from the file, but the write position is not reset between the two passes over the record. If the combined colour counts exceed the table size, data is written past the end of the tables on the stack, causing a buffer overflow.

In fixed versions of LibreOffice, the unused second pass is no longer read into those tables, preventing the overflow.

Impact Analysis

A stack buffer overflow can lead to various impacts including application crashes, data corruption, or potentially arbitrary code execution if exploited. Since this vulnerability occurs during the import of a specially crafted PPT file, an attacker could exploit it by convincing a user to open a malicious presentation file, potentially compromising the user's system or data.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8356. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart