These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-8358 is a medium-severity vulnerability in LibreOffice Calc that can lead to a heap buffer overflow when importing tracked changes from a spreadsheet. The vulnerability occurs when a document reuses the same change identifier for two different kinds of change, causing the importer to treat one change object as a different, larger type and write past the end of its allocation. In fixed versions, r [truncated]
CVE-2026-8357 is a medium-severity vulnerability in LibreOffice Calc that can cause a heap buffer overflow when compiling a very long formula made up of many opening tokens. The array that tracks nesting depth was allocated one element too small for the worst-case scenario, allowing the formula to write one element past its end. In fixed versions, the array is sized to hold the largest possible nesting depth.
CVE-2026-8356 is a stack buffer overflow vulnerability in LibreOffice's PPT import feature. When importing a colour-replacement record from a PPT file, two fixed-size colour tables are filled from the file. However, the write position was not reset between the two passes over the record. This could allow a file with a combined colour count exceeding the table size to write past the end of the tables on th [truncated]
CVE-2026-6047 is a medium-severity heap buffer overflow in LibreOffice, a popular open-source office suite. The overflow occurs when replaying deferred parser events for a text box element in the OOXML format (DOCX).
A heap buffer overflow existed in LibreOffice when importing an EMF+ gradient brush. The number of gradient blend points was read from the file and used to compute an allocation size, but that multiplication could overflow, so a small buffer was allocated and then filled as if it were large, writing past its end. In fixed versions, the blend-point count is checked against the data actually available befor [truncated]
A heap use-after-free vulnerability existed in LibreOffice when importing the blank-width characters of an ODF number format. The issue occurred because a position value read from the document was not checked against the length of the format-code string. This allowed a malformed number format to be processed against memory outside that string. In fixed versions, the position is bounds-checked before use.
A heap buffer overflow existed in LibreOffice when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it. This could allow an attacker to write past the end of the buffer. In fixed versions, such oversized polylines are rejected.