CVE-2026-6047

Publié : 15 juin 2026

Modifié : 15 juin 2026

Description détaillée

LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed past the end of the allocation. In fixed versions the type is checked before the write.

Références et Patchs

https://www.libreoffice.org/about-us/security/advisories/cve-2026-6047

Dernières Vulnérabilités

CVE-2026-9691

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 versions.

VOIR DÉTAILS

CVE-2026-52703

Unauthenticated Path Traversal in FastDup <= 2.7.2 versions.

VOIR DÉTAILS

CVE-2026-52702

Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions.

VOIR DÉTAILS