Impact
The vulnerability is a heap use‑after‑free that occurs when LibreOffice parses the blank‑width characters of an ODF number format. A position value extracted from the document is used without checking it against the length of the corresponding format‑code string, allowing a specially crafted number format to read data from memory beyond the allocated buffer. This flaw falls under CWE‑416, CWE‑787, and CWE‑825 and can lead to corruption of application memory or a crash, but the CVE description does not explicitly confirm remote code execution or higher‑level exploitation.
Affected Systems
LibreOffice builds from The Document Foundation that were released before the fix that added bounds‑checking for the position value remain vulnerable. No specific version numbers are listed, so every installation of LibreOffice older than the patched release is potentially affected.
Risk and Exploitability
The CVSS score of 5.4 indicates a moderate severity assessment. The EPSS score is below 1 %, suggesting a very low likelihood of exploitation on its own time. The issue is not present in the CISA KEV catalog. The most likely attack vector involves a malicious actor creating a malformed ODF document containing an improper number format; when a user opens the file, the parsing routine can access memory outside the intended bounds. No public exploit has been disclosed, but the combination of a use‑after‑free and out‑of‑bounds read warrants precautionary measures.
OpenCVE Enrichment
Debian DSA