Bug 2488960 (CVE-2026-6047) - CVE-2026-6047 libreoffice: LibreOffice: Denial of service via heap buffer overflow in OOXML document processing
Keywords:
Status: NEW
Alias: CVE-2026-6047
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2489095
Blocks:
Reported: 2026-06-15 18:01 UTC by OSIDB Bzimport
Modified: 2026-06-16 06:52 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-06-15 18:01:33 UTC
LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed past the end of the allocation. In fixed versions the type is checked before the write.
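
A minimal C++ illustration of the pattern described above, added here and not LibreOffice's code: a replay routine that checks the handler's dynamic type before writing fields that exist only in the larger type. All class, function and event names are hypothetical, and `dynamic_cast` is one assumed way to perform the check.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// All names here are hypothetical; they are not LibreOffice's classes.
struct Handler {                        // small base handler
    virtual ~Handler() = default;
    int token = 0;
};

struct TextBoxHandler : Handler {       // larger object with extra fields
    bool inTextBox = false;
    std::vector<std::string> replayed;
};

struct DeferredEvent { std::string name; };

// Unchecked form of the bug class (shown only as a comment):
//   auto* tb = static_cast<TextBoxHandler*>(h);
//   tb->inTextBox = true;  // out-of-bounds write if *h is a plain Handler

// Checked replay: confirm the dynamic type before writing derived fields.
// Returns the number of events applied, 0 when the handler is another type.
std::size_t replayDeferred(Handler* h, const std::vector<DeferredEvent>& events) {
    auto* tb = dynamic_cast<TextBoxHandler*>(h);
    if (tb == nullptr)
        return 0;                       // wrong type: skip, never write
    tb->inTextBox = true;
    for (const auto& e : events)
        tb->replayed.push_back(e.name);
    return events.size();
}

// Constructed sample input: two deferred events for a text box element.
static const std::vector<DeferredEvent> kEvents = {
    DeferredEvent{"startElement"}, DeferredEvent{"endElement"}};

std::size_t replayOnPlainHandler() { Handler h; return replayDeferred(&h, kEvents); }
std::size_t replayOnTextBoxHandler() { TextBoxHandler h; return replayDeferred(&h, kEvents); }

int main() {
    std::cout << "plain handler:    " << replayOnPlainHandler() << " events applied\n";
    std::cout << "text box handler: " << replayOnTextBoxHandler() << " events applied\n";
}
```

Building a variant that uses the unchecked cast with AddressSanitizer (`-fsanitize=address`) is a practical way to surface this class of write as a heap-buffer-overflow report during testing.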

