Bug 2488961 (CVE-2026-8356)

Summary: CVE-2026-8356 libreoffice: LibreOffice: Denial of Service via a specially crafted PPT file
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in LibreOffice. This vulnerability, a stack buffer overflow, occurs when processing specially crafted legacy PowerPoint (PPT) files. An attacker could exploit this by convincing a user to open a malicious document, which may lead to a denial of service (DoS) due to the application crashing. This primarily affects desktop users who handle untrusted files.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2489094    
Bug Blocks:    

Description OSIDB Bzimport 2026-06-15 18:01:37 UTC 
LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables.