CVE-2026-4430

CVE-2026-4430

Name

CVE-2026-4430

Description

Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.libreoffice.org/about-us/security/advisories/cve-2026-4430

Type

URI

Vendor Advisory

https://www.libreoffice.org/about-us/security/advisories/cve-2026-4430

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libreoffice:libreoffice::::::::`	libreoffice	>= 25.8.0.0	< 25.8.7.0
`cpe:2.3:a:libreoffice:libreoffice::::::::`	libreoffice	>= 26.2.0.0	< 26.2.3.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*

libreoffice

>= 25.8.0.0

< 25.8.7.0

cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*

libreoffice

>= 26.2.0.0

< 26.2.3.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libreoffice	edge-community	25.8.5.2-r1	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
libreoffice	edge-community	25.8.5.2-r0	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
libreoffice	edge-community	25.8.4.2-r0	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
libreoffice	edge-community	25.8.1.1-r7	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
libreoffice	edge-community	25.8.1.1-r6	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
libreoffice	edge-community	25.8.1.1-r5	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
libreoffice	edge-community	25.8.1.1-r4	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
libreoffice	edge-community	25.8.1.1-r3	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
libreoffice	edge-community	25.8.1.1-r2	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
libreoffice	edge-community	25.8.1.1-r1	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
libreoffice	edge-community	25.8.1.1-r0	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable
libreoffice	3.23-community	25.8.1.1-r5	Timo Teräs <timo.teras@iki.fi>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

libreoffice

edge-community

25.8.5.2-r1

Timo Teräs <timo.teras@iki.fi>

possibly vulnerable

libreoffice

edge-community