Description
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.

This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.
Published: 2026-05-07
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

LibreOffice contains an out-of-bounds write vulnerability that can be triggered by opening specially crafted OOXML documents with mismatched encryption salts. This flaw allows writing data beyond the intended memory buffer, potentially corrupting heap structures. While the description does not confirm arbitrary code execution, such heap corruption could lead to application crashes, data loss, or, in the worst case, exploitation of control flow to execute arbitrary code.

Affected Systems

The vulnerability affects LibreOffice versions 25.8.0 through 25.8.6 and 26.2.0 through 26.2.2, released by The Document Foundation.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity. No EPSS score is available, and the vulnerability is not listed in CISA's KEV catalog, suggesting limited publicly observed exploitation. The likely attack vector involves an attacker convincing a user to open the malicious OOXML file: a local attack (AV:L) that requires user interaction (UI:P). The potential for memory corruption represents a moderate risk to confidentiality, integrity, and availability of the affected system.

Generated by OpenCVE AI on May 7, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LibreOffice to 26.2.3 or later, or to 25.8.7 or later, to receive the vendor fix.
  • If an upgrade cannot be applied immediately, limit the ability to open OOXML documents or configure LibreOffice to open them in a sandboxed environment to contain potential memory corruption.
  • Implement preventive file-type scanning or restrictions so that untrusted OOXML files cannot be opened on the system.


Advisories

No advisories yet.

History

Thu, 07 May 2026 14:15:00 +0000

Type            | Values Removed | Values Added
Metrics (ssvc)  |                | {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 07 May 2026 07:30:00 +0000

Type               | Values Removed | Values Added
Description        |                | Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.
Title              |                | Heap Buffer Overflow in AgileEngine
Weaknesses         |                | CWE-787
References         |                |
Metrics (cvssV4_0) |                | {'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Document Fdn.

Published:

Updated: 2026-05-07T13:03:05.876Z

Reserved: 2026-03-19T14:58:41.694Z

Link: CVE-2026-4430

Vulnrichment

Updated: 2026-05-07T13:03:01.777Z

NVD

Status: Received

Published: 2026-05-07T08:16:00.967

Modified: 2026-05-07T08:16:00.967

Link: CVE-2026-4430

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T08:30:25Z

Weaknesses