CVE-2026-6039

Publication date 15 June 2026

Last updated 16 July 2026


Ubuntu priority

Description

LibreOffice can import drawings in the DXF format used by CAD software. A heap buffer overflow existed when importing a DXF polyline. The point count taken from the file was truncated to a 16-bit value when the point buffer was sized, while the full count was used to fill it, so a polyline whose point count exceeded the 16-bit range was written past the end of the buffer. In fixed versions such oversized polylines are rejected.

Status

Package Ubuntu Release Status
libreoffice 26.04 LTS resolute
Fixed 4:26.2.4.2-0ubuntu0.26.04.2
25.10 questing Ignored end of life, was needs-triage
24.04 LTS noble
Fixed 4:24.2.7-0ubuntu0.24.04.6
22.04 LTS jammy
Fixed 1:7.3.7-0ubuntu0.22.04.12
20.04 LTS focal
Needs evaluation

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
libreoffice

Severity score breakdown

CVSS version: CVSS v4.0

Base score 5.4 · Medium

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:P

References

Related Ubuntu Security Notices (USN)

    • USN-8534-1
    • LibreOffice vulnerabilities
    • 13 July 2026

Other references


Access our resources on patching vulnerabilities