CVE-2026-6045

UNKNOWN 0.0

Heap buffer overflow in EMF+ gradient brush import

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small buffer was allocated and then filled as if it were large, writing past its end. In fixed versions the blend-point count is checked against the data actually available before allocating.

CWE	CWE-787 CWE-190
Vendor	the document foundation
Product	libreoffice
Published	Jun 15, 2026
Last Updated	Jun 15, 2026

Stay Ahead of the Next One

Get instant alerts for the document foundation libreoffice

Be the first to know when new unknown vulnerabilities affecting the document foundation libreoffice are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

The Document Foundation / LibreOffice

25.8 < < 25.8.7 26.2 < < 26.2.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

libreoffice.org: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6045

Credits

Anthropic (automated discovery using Claude) Trail of Bits (triage and validation)