Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8 before 25.8.7.

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8352-1 advisory.

    Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in     crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a     denial of service, or possibly execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8340-1 advisory.

    Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in     crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a     denial of service, or possibly execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by a vulnerability as referenced in the ALAS2LIBREOFFICE-2026-008 advisory.

    NOTE: https://www.libreoffice.org/security/#cve-2026-4430NOTE:
    https://git.libreoffice.org/core/+/1ec3db717fa144ddff3e9b0a2338a82355cf365b (CVE-2026-4430)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of LibreOffice installed on the remote host is prior to 25.8.7 or 26.2.3. It is, therefore, affected by a heap buffer overflow vulnerability:

  - An out-of-bounds write vulnerability exists in the AgileEngine component of LibreOffice. An attacker can exploit     this by crafting a malicious OOXML document with mismatched encryption salt parameters, potentially leading to     arbitrary code execution or application crash when the document is opened. (CVE-2026-4430)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6251 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-6251-1                   security@debian.org     https://www.debian.org/security/                       Moritz Muehlenhoff     May 07, 2026                          https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : libreoffice     CVE ID         : CVE-2026-4430

    Dun Anh Nguyen discovered a buffer overflow in LibreOffice, which could     result in an out-of-bounds write if OOXML documents with malformed     encryption parameters are opened.

    For the oldstable distribution (bookworm), this problem has been fixed     in version 4:7.4.7-1+deb12u11.

    For the stable distribution (trixie), this problem has been fixed in     version 4:25.2.3-2+deb13u4.

    We recommend that you upgrade your libreoffice packages.

    For the detailed security status of libreoffice please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/libreoffice

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with     mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3, from 25.8     before 25.8.7. (CVE-2026-4430)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
318261	Ubuntu 25.10 / 26.04 LTS : LibreOffice vulnerability (USN-8352-1)	Nessus	Ubuntu Local Security Checks	medium
318125	Ubuntu 22.04 LTS / 24.04 LTS : LibreOffice vulnerability (USN-8340-1)	Nessus	Ubuntu Local Security Checks	medium
316950	Amazon Linux 2 : libreoffice, --advisory ALAS2LIBREOFFICE-2026-008 (ALASLIBREOFFICE-2026-008)	Nessus	Amazon Linux Local Security Checks	medium
313231	LibreOffice 25.8.x < 25.8.7 / 26.2.x < 26.2.3 Heap Buffer Overflow (CVE-2026-4430)	Nessus	Misc.	medium
313164	Debian dsa-6251 : fonts-opensymbol - security update	Nessus	Debian Local Security Checks	medium
313070	Linux Distros Unpatched Vulnerability : CVE-2026-4430	Nessus	Misc.	medium

Detections

Analytics

CVE-2026-4430

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium