Impact
LibreOffice Calc allows users to import spreadsheet documents that include tracked changes. When a spreadsheet reuses the same change identifier for two distinct kinds of change, the import routine treats one change object as a larger type and writes past the end of the allocated memory region, causing a heap buffer overflow. The overflow is an out‑of‑bounds write, identified as CWE‑787, coupled with an improper type conversion (CWE‑843). The memory corruption could compromise the stability of the application and, in the worst case, allow an attacker to influence program execution or cause a denial of service. Exploit requires a malicious spreadsheet file with duplicate change identifiers and local user interaction to import the file into Calc. The CVSS score of 5.4 reflects a moderate severity, and the EPSS score of less than 1% indicates a very low likelihood of active exploitation. The vulnerability is not listed in the CISA KEV catalog.
Affected Systems
LibreOffice Calc, all versions released before the duplicate‑identifier validation was added. Precise version numbers are not supplied, but any release that processes tracked‑changes imports without validation is affected.
Risk and Exploitability
The CVSS score of 5.4 shows moderate risk, and the EPSS score of <1% demonstrates that attack activity is unlikely today. Because exploitation requires a crafted spreadsheet and local user action, the opportunity for remote or automated attacks is limited. The vulnerability is not in CISA KEV, further indicating the overall risk remains low.
OpenCVE Enrichment
Debian DLA
Debian DSA