Impact
LibreOffice imports DXF drawings. During polyline import, an internal heap buffer is sized based on a truncated 16‑bit point count while the full 32‑bit count is used to copy data, resulting in a heap buffer overflow. This overflow can corrupt memory and, depending on the environment, may lead to denial of service or arbitrary code execution. The weakness involves numeric truncation (CWE‑190), integer manipulation (CWE‑197) and out‑of‑bounds memory access (CWE‑787).
Affected Systems
The affected product is LibreOffice from The Document Foundation. Any release that has not yet implemented the filter that rejects oversized polylines remains vulnerable. The fixed versions reject such polylines, so updating to the latest LibreOffice release removes the problem.
Risk and Exploitability
The CVSS score of 5.4 indicates moderate severity. The EPSS score of less than 1 % shows a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is the file import feature; a malicious user could supply a crafted DXF file with an oversized polyline. No formal workaround is provided, so mitigation relies on applying the vendor‑issued patch and restricting DXF import from untrusted sources.
OpenCVE Enrichment
Debian DLA
Debian DSA