Description
LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables.
Published: 2026-06-15
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

LibreOffice can import legacy binary PPT files; a buffer overflow occurs when a colour-replacement record contains more colours than the fixed tables can accommodate. Two passes write into the same fixed-size tables without resetting the write position. A crafted PPT whose total colour count exceeds the table size will write past the end of the stack, potentially corrupting memory and enabling arbitrary code execution if the attacker supplies the file.

Affected Systems

The Document Foundation's LibreOffice – any version that still supports legacy binary PPT import and has not yet been updated to the fixed release. No specific version numbers are supplied by the CVE data.

Risk and Exploitability

The CVSS score of 5.4 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation as of the last data update. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred from the description: a crafted .ppt file that triggers the overflow must be supplied to the target system, so the likely vector is a local or remote delivery of a malicious attachment that the user opens.

Generated by OpenCVE AI on June 17, 2026 at 23:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest LibreOffice release that includes the patch for CVE-2026-8356
  • Disable legacy binary PPT format support in LibreOffice if it is not needed
  • Scan any .ppt files with a trusted antivirus before opening
  • Ensure users receive training on not opening unknown PPT attachments

Generated by OpenCVE AI on June 17, 2026 at 23:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4633-1 libreoffice security update
Debian DSA Debian DSA DSA-6346-1 libreoffice security update
History

Tue, 16 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
First Time appeared The Document Foundation
The Document Foundation libreoffice
Vendors & Products The Document Foundation
The Document Foundation libreoffice

Tue, 16 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-131
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables.
Title Stack buffer overflow in PPT presentation import
Weaknesses CWE-121
CWE-787
References
Metrics cvssV4_0

{'score': 5.4, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P'}


Subscriptions

The Document Foundation Libreoffice
cve-icon MITRE

Status: PUBLISHED

Assigner: Document Fdn.

Published:

Updated: 2026-06-15T18:05:22.786Z

Reserved: 2026-05-11T18:42:20.783Z

Link: CVE-2026-8356

cve-icon Vulnrichment

Updated: 2026-06-15T18:05:17.104Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T18:16:37.390

Modified: 2026-06-15T20:55:48.070

Link: CVE-2026-8356

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-15T16:23:06Z

Links: CVE-2026-8356 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T23:15:14Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow

  • CWE-131

    Incorrect Calculation of Buffer Size

  • CWE-787

    Out-of-bounds Write