PatchSiren cyber security CVE debrief
CVE-2026-6039 The Document Foundation CVE debrief
A heap buffer overflow existed in LibreOffice when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it. This could allow an attacker to write past the end of the buffer. In fixed versions, such oversized polylines are rejected.
- Vendor: The Document Foundation
- Product: LibreOffice
- CVSS: MEDIUM 5.4
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of LibreOffice who work with DXF files, particularly those from untrusted sources.
Technical summary
The vulnerability is caused by improper handling of DXF polyline imports. When a polyline with a point count exceeding the 16-bit range is imported, the software writes past the end of the buffer, potentially allowing for code execution.
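The size/fill mismatch described above, shown as an added C example that is not LibreOffice's code: it computes what a 16-bit narrowing does to the buffer capacity and sets a validating allocator beside it. The `point_t` type, the function names, and the choice of an unsigned 16-bit limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical point record; not LibreOffice's own type. */
typedef struct { double x, y; } point_t;

/* Defect class: the file's count is narrowed to 16 bits before sizing.
   Returns the number of elements the buffer would actually hold. */
static size_t truncated_capacity(uint32_t file_count) {
    uint16_t narrowed = (uint16_t)file_count;   /* 65540 becomes 4 */
    return narrowed;
}

/* Elements a fill loop driven by the full count would place past the end. */
static size_t overrun_elements(uint32_t file_count) {
    size_t cap = truncated_capacity(file_count);
    return file_count > cap ? (size_t)file_count - cap : 0;
}

/* Hardened form: reject counts outside the 16-bit range (assumed unsigned),
   then size and fill from the same validated value. NULL when rejected. */
static point_t *alloc_polyline(uint32_t file_count, size_t *out_count) {
    *out_count = 0;
    if (file_count == 0 || file_count > UINT16_MAX)
        return NULL;
    point_t *pts = calloc(file_count, sizeof *pts);
    if (pts != NULL)
        *out_count = file_count;
    return pts;
}

int main(void) {
    /* Constructed sample counts, not taken from any real file. */
    const uint32_t samples[] = { 4, 65535, 65536, 65540 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        point_t *pts = alloc_polyline(samples[i], &n);
        printf("count=%u capacity_if_truncated=%zu overrun=%zu hardened=%s\n",
               (unsigned)samples[i], truncated_capacity(samples[i]),
               overrun_elements(samples[i]), pts ? "accepted" : "rejected");
        free(pts);
    }
    return 0;
}
```

The same pattern is worth searching for in any importer: a count read from the file that passes through a narrower integer type on the allocation path but not on the copy path.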
Defensive priority
MEDIUM
Recommended defensive actions
- Update to a fixed version of LibreOffice.
- Be cautious when importing DXF files from untrusted sources.
Evidence notes
The CVE record and NVD detail pages provide information on this vulnerability.
Official resources
- CVE-2026-6039 CVE record (CVE.org)
- CVE-2026-6039 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-6039 was published on 2026-06-15T18:16:36.740Z and has not been modified since then.