Impact
LibreOffice can import legacy binary PPT files; a buffer overflow occurs when a colour-replacement record contains more colours than the fixed tables can accommodate. Two passes write into the same fixed-size tables without resetting the write position. A crafted PPT whose total colour count exceeds the table size will write past the end of the stack, potentially corrupting memory and enabling arbitrary code execution if the attacker supplies the file.
Affected Systems
The Document Foundation's LibreOffice – any version that still supports legacy binary PPT import and has not yet been updated to the fixed release. No specific version numbers are supplied by the CVE data.
Risk and Exploitability
The CVSS score of 5.4 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation as of the last data update. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred from the description: a crafted .ppt file that triggers the overflow must be supplied to the target system, so the likely vector is a local or remote delivery of a malicious attachment that the user opens.
OpenCVE Enrichment
Debian DLA
Debian DSA