CVE-2026-6047

UNKNOWN 0.0

Heap buffer overflow in OOXML text box element import

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed past the end of the allocation. In fixed versions the type is checked before the write.

CWE	CWE-787 CWE-843
Vendor	the document foundation
Product	libreoffice
Published	Jun 15, 2026
Last Updated	Jun 15, 2026

Stay Ahead of the Next One

Get instant alerts for the document foundation libreoffice

Be the first to know when new unknown vulnerabilities affecting the document foundation libreoffice are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

The Document Foundation / LibreOffice

25.8 < < 25.8.7 26.2 < < 26.2.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

libreoffice.org: https://www.libreoffice.org/about-us/security/advisories/cve-2026-6047

Credits

Anthropic (automated discovery using Claude) Trail of Bits (triage and validation)