CVE-2026-8357 MEDIUM

CVE-2026-8357: Heap buffer overflow in Calc formula compilation

Vendor The Document Foundation
Product LibreOffice
Weakness CWE-787
Published June 15, 2026
Last update June 30, 2026

CVSS base score

5.4/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for that worst case, so such a formula wrote one element past its end. In fixed versions the array is sized to hold the largest possible nesting.

Key dates

02Disclosure timeline

June 15, 2026 CVE published
June 30, 2026 Record updated