CVE-2026-6039

UNKNOWN 0.0

Heap buffer overflow in DXF polyline import

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose point count exceeded the 16-bit range was written past the end of the buffer. In fixed versions such oversized polylines are rejected.

CWE	CWE-787 CWE-197
Vendor	the document foundation
Product	libreoffice
Published	Jun 15, 2026
Last Updated	Jun 15, 2026

Stay Ahead of the Next One

Get instant alerts for the document foundation libreoffice

Be the first to know when new unknown vulnerabilities affecting the document foundation libreoffice are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

The Document Foundation / LibreOffice

25.8 < < 25.8.7 26.2 < < 26.2.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

libreoffice.org: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6039

Credits

Anthropic (automated discovery using Claude) Trail of Bits (triage and validation)