Impact
LibreOffice can import EMF+ graphics, and a heap buffer overflow exists when an EMF+ gradient brush is processed. The library reads the gradient blend point count from the file, multiplies it to compute an allocation size, and the multiplication can overflow. As a result a small buffer is allocated and later written to as if it were larger, corrupting adjacent memory. The weakness is an integer overflow (CWE-190) and an out‑of‑bounds write (CWE-787).
Affected Systems
This vulnerability affects LibreOffice from The Document Foundation. The advisory does not list specific release numbers, but indicates that the fix has been applied in more recent versions of the suite.
Risk and Exploitability
The flaw is assigned a CVSS score of 5.4 and an EPSS score of less than 1 %, indicating moderate technical severity but a very low exploitation probability at the time of assessment. It is not included in CISA’s KEV catalog. Exploitation would require a user to open a malicious document containing a vulnerable EMF+ gradient brush; the attack vector is file‑based and hinges on user interaction. The buffer overrun could lead to memory corruption and potentially compromise the stability or integrity of the application, though no evidence of direct code execution is provided by the description.
OpenCVE Enrichment
Debian DLA
Debian DSA