CVE-2026-8358
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
LibreOffice Calc had a heap buffer overflow vulnerability when a document reused the same change identifier for two different kinds of changes. This led to writing past the end of its allocation.
Risk Assessment
An attacker could exploit this vulnerability to inject malicious code or destabilize the application, potentially leading to data loss or security breaches.
Recommendation
It is recommended to update LibreOffice to the latest version, which includes fixes that reject records with duplicate identifiers.
Original NVD description (English source)
LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of change. The importer then treated one change object as a different, larger type and wrote past the end of its allocation. In fixed versions records with a duplicate identifier are rejected.

