Skip to main content

LibreOffice CVE-2026-4430

| EUVDEUVD-2026-28327 MEDIUM
Out-of-bounds Write (CWE-787)
2026-05-07 Document Fdn. GHSA-cwgp-8p97-cf77
5.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
SUSE
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Red Hat
7.6 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

5
Analysis Generated
May 07, 2026 - 10:00 vuln.today
Patch available
May 07, 2026 - 09:01 EUVD
CVSS changed
May 07, 2026 - 08:22 NVD
5.4 (MEDIUM)
CVE Published
May 07, 2026 - 07:16 nvd
UNKNOWN (no severity yet)
CVE Published
May 07, 2026 - 07:16 nvd
MEDIUM 5.4

DescriptionCVE.org

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.

This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.

AnalysisAI

Out-of-bounds write in LibreOffice 26.2 before 26.2.3 and 25.8 before 25.8.7 allows local attackers to cause memory corruption and availability impact by opening crafted OOXML documents with mismatched encryption salt parameters. The vulnerability requires user interaction to open a malicious document and affects memory integrity with elevated scope impact on availability.

Technical ContextAI

This vulnerability exists in LibreOffice's OOXML document parser, specifically in the encryption salt parameter handling logic. OOXML (Office Open XML) is the standardized format for Microsoft Office documents and is also used by LibreOffice. When processing Office documents with encryption, the parser must validate and synchronize encryption salt values; a mismatch between expected and actual salt parameters in the document structure causes the parser to write beyond allocated buffer boundaries. This is a classic CWE-787 (Out-of-bounds write) memory corruption vulnerability affecting the encryption/decryption subsystem. The CPE cpe:2.3:a:the_document_foundation:libreoffice:*:*:*:*:*:*:*:* confirms the vulnerability affects the mainstream LibreOffice product across multiple versions.

RemediationAI

Update LibreOffice to version 26.2.3 or later for the 26.2 branch, or to version 25.8.7 or later for the 25.8 branch. Vendor-released patches are confirmed available from The Document Foundation. As a compensating control before patching, users should disable automatic opening of attachments from untrusted sources and implement document scanning or sandboxing for OOXML files from external parties. Note that sandboxing LibreOffice can prevent system-wide impact but does not prevent the application crash within the sandboxed process. For enterprise deployments, restrict OOXML document processing to trusted internal sources until patches can be applied. See https://www.libreoffice.org/about-us/security/advisories/cve-2026-4430 for official vendor guidance.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise Workstation Extension 15 SP7 Fixed

Share

CVE-2026-4430 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy