GHSA-pp4w-c8m6-4xvfMediumCVSS 7.3
A heap use-after-free existed when importing the blank-width characters of an ODF number format....
🔗 CVE IDs covered (1)
📋 Description
A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use.
🔗 References (6)
- https://nvd.nist.gov/vuln/detail/CVE-2026-6040
- https://www.libreoffice.org/about-us/security/advisories/cve-2026-6040
- https://access.redhat.com/security/cve/CVE-2026-6040
- https://bugzilla.redhat.com/show_bug.cgi?id=2488966
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-6040.json
- https://github.com/advisories/GHSA-pp4w-c8m6-4xvf