CVE-2026-6040

Publié : 15 juin 2026

Modifié : 15 juin 2026

Description détaillée

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed versions the position is bounds-checked before use.

Références et Patchs

https://www.libreoffice.org/about-us/security/advisories/cve-2026-6040

Dernières Vulnérabilités

CVE-2026-9691

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.

VOIR DÉTAILS

CVE-2026-52703

Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.

VOIR DÉTAILS

CVE-2026-52702

Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.

VOIR DÉTAILS