Impact
LibreOffice Calc builds an internal representation of cell formulas when a spreadsheet is opened. In some earlier releases, the array that tracks how deeply nested the formula’s parentheses become was allocated one element too small for the worst‑case scenario. If an attacker supplies a very long formula with many opening tokens, the program writes past the end of that array, causing a heap buffer overflow. The overflow can corrupt memory and, in a worst‑case scenario, enable execution of arbitrary code. The vulnerability is classified as CWE‑131 (Incorrect Size Calculation), CWE‑193 (Signed to Unsigned Conversion) and CWE‑787 (Out‑of‑Bounds Write). The publicly available CVSS score of 5.4 indicates moderate severity.
Affected Systems
The vulnerability affects LibreOffice, specifically the Calc component. Versions of LibreOffice released before the patch that corrects the array sizing are impacted. Exact version ranges are not listed, but any installation that has not been updated to the latest release is at risk.
Risk and Exploitability
The calculated EPSS score is less than 1 %, indicating a low predicted likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to deliver a malicious spreadsheet file and force the user to open it. Because the vulnerability resides in user‑initiated file handling and the impact level is moderate, overall risk is considered moderate, with exploitation less likely but still possible if the infected file is opened.
OpenCVE Enrichment
Debian DLA
Debian DSA