Bug 2488961 (CVE-2026-8356) - CVE-2026-8356 libreoffice: LibreOffice: Denial of Service via a specially crafted PPT file
Summary: CVE-2026-8356 libreoffice: LibreOffice: Denial of Service via a specially cra...
Keywords:
Status: NEW
Alias: CVE-2026-8356
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2489094
Blocks:
Reported: 2026-06-15 18:01 UTC by OSIDB Bzimport
Modified: 2026-06-16 06:41 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2026-06-15 18:01:37 UTC
LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the file, but the write position was not reset between the two passes over the record, so a file whose combined colour counts exceeded the table size wrote past the end of the tables on the stack. In fixed versions the unused second pass is no longer read into those tables.
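
The bug class described above, shown as an added C example that is not LibreOffice code and not part of the original report: a bounded reader that checks each pass against the running write index and skips the second pass instead of storing it. The record layout (one count byte followed by pairs of 32-bit colours), `TABLE_MAX`, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_MAX 10 /* assumed capacity, not LibreOffice's real value */

typedef struct { uint32_t from[TABLE_MAX], to[TABLE_MAX]; size_t used; } ColourTables;

static uint32_t rd32(const uint8_t *p) { /* little-endian 32-bit read */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* One pass = 1 count byte + count (from,to) colour pairs (hypothetical layout).
 * t == NULL validates and skips the pass. Returns bytes consumed, 0 on error. */
static size_t read_pass(const uint8_t *buf, size_t len, ColourTables *t) {
    if (len < 1) return 0;
    size_t n = buf[0];
    if (len - 1 < n * 8) return 0;              /* truncated input */
    if (t && n > TABLE_MAX - t->used) return 0; /* bound the running write index */
    for (size_t i = 0; t && i < n; i++, t->used++) {
        t->from[t->used] = rd32(buf + 1 + i * 8);
        t->to[t->used]   = rd32(buf + 5 + i * 8);
    }
    return 1 + n * 8;
}

/* Hardened import: store pass one, skip pass two. Returns entries stored or -1. */
int import_colour_record(const uint8_t *buf, size_t len, ColourTables *t) {
    memset(t, 0, sizeof *t);
    size_t a = read_pass(buf, len, t);
    if (!a || !read_pass(buf + a, len - a, NULL)) return -1;
    return (int)t->used;
}

/* Write index a carried-over (never reset) counter would reach: both counts summed. */
int carried_index(const uint8_t *buf, size_t len) {
    size_t a = read_pass(buf, len, NULL);
    if (!a || !read_pass(buf + a, len - a, NULL)) return -1;
    return buf[0] + buf[a];
}

int main(void) {
    uint8_t rec[130] = {0}; /* constructed sample: 8 pairs in each pass */
    rec[0] = 8; rec[65] = 8;
    ColourTables t;
    printf("carried index %d vs capacity %d, stored %d\n",
           carried_index(rec, sizeof rec), TABLE_MAX, import_colour_record(rec, sizeof rec, &t));
}
```

Each pass in the constructed sample fits the table on its own; only the summed index exceeds `TABLE_MAX`, which is why a per-pass count check alone does not catch this pattern.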

