CVE-2026-8357
Status: Deferred - Pending Action
Heap Buffer Overflow in LibreOffice Calc Due to Formula Parsing

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: Document Foundation, The

Description
LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.
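
The off-by-one described above, as an added example: a simplified C model of a nesting-depth array, not LibreOffice source code. All names (`track_nesting`, `depth_slots_needed`, `worst_case`) and the `MAX_TOKENS` limit are hypothetical; it shows why a formula of N opening tokens needs N + 1 slots, and a bounds check that rejects the formula instead of writing past the array.

```c
#include <stddef.h>
#include <stdlib.h>

#define MAX_TOKENS 8 /* constructed limit for the demo, not LibreOffice's */

enum tok { TOK_OPEN, TOK_CLOSE, TOK_OPERAND };

/* Slots needed for the worst case: level 0 plus one level per opening token. */
size_t depth_slots_needed(size_t max_tokens) { return max_tokens + 1; }

/*
 * Walk a token stream, counting operands per nesting level in a heap array
 * of `slots` elements. Returns the deepest level reached, or -1 when the next
 * level would fall outside the array (the write an unchecked loop performs).
 */
int track_nesting(const enum tok *t, size_t n, size_t slots)
{
    if (slots == 0) return -1;
    unsigned *operands = calloc(slots, sizeof *operands);
    if (!operands) return -1;
    size_t depth = 0, deepest = 0;
    for (size_t i = 0; i < n; i++) {
        if (t[i] == TOK_OPEN) {
            if (depth + 1 >= slots) { free(operands); return -1; }
            operands[++depth] = 0;
            if (depth > deepest) deepest = depth;
        } else if (t[i] == TOK_CLOSE) {
            if (depth > 0) depth--;
        } else {
            operands[depth]++;
        }
    }
    free(operands);
    return (int)deepest;
}

/* Constructed worst case: MAX_TOKENS opening tokens and nothing else. */
int worst_case(size_t slots)
{
    enum tok formula[MAX_TOKENS];
    for (size_t i = 0; i < MAX_TOKENS; i++) formula[i] = TOK_OPEN;
    return track_nesting(formula, MAX_TOKENS, slots);
}
```

With `slots` equal to `MAX_TOKENS` the last opening token is rejected; with `depth_slots_needed(MAX_TOKENS)` the same input fits.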

Meta Information
Published: 2026-06-15
Last Modified: 2026-06-15
Generated: 2026-06-16
AI Q&A: 2026-06-15
EPSS Evaluated: N/A

Affected Vendors & Products
Vendor | Product | Version / Range
the_document_foundation | libreoffice | to 3.2.4 (inc)

CWE ID | Description
CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer.
CWE-193 | A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Executive Summary

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow vulnerability exists when compiling a very long formula made up of many opening tokens. This happens because the array that tracks nesting depth was allocated one element too small for the worst case, causing the formula to write one element past the end of the array. Fixed versions have resized the array to hold the largest possible nesting.

Impact Analysis

This heap buffer overflow can corrupt memory when a specially crafted spreadsheet containing a very long formula is opened. Such memory corruption could cause application crashes or data corruption, or potentially allow an attacker to execute arbitrary code with the privileges of the user running LibreOffice Calc.
