[Bug 2152251] Re: CVE-2026-4430

Wed, 13 May 2026 03:15:41 -0700 

** Also affects: libreoffice (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: libreoffice (Ubuntu Focal)
   Importance: Undecided => High

** Changed in: libreoffice (Ubuntu Focal)
     Assignee: (unassigned) => Rico Tzschichholz (ricotz)

** Description changed:

  CVE-2026-4430: "Heap Buffer Overflow in AgileEngine"
  
  Out-of-bounds write vulnerability in The Document Foundation LibreOffice
  via crafted OOXML documents with mismatched encryption salt parameters.
  
+ 
https://git.libreoffice.org/core/+/1ec3db717fa144ddff3e9b0a2338a82355cf365b%5E%21/
+ https://gerrit.libreoffice.org/c/core/+/201874
+ 
  https://ubuntu.com/security/CVE-2026-4430
+ https://security-tracker.debian.org/tracker/CVE-2026-4430
+ 
  
  * Resolute 26.04: Fix is included in 26.2.3 SRU
    - https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2150525
-   - 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/resolute-26.2
+   - 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/resolute-26.2
  * Questing 25.10: Fix is included in 25.8.7 SRU
    - https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2150734
-   - 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/questing-25.8
+   - 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/questing-25.8
  * Noble 24.04: Backport of patch to 24.2.7 required
    - 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/noble-24.2
  * Jammy 22.04: Backport of patch to 7.3.7 required
    - 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/jammy-7.3
+ * Focal 20.04: Backport of patch to 6.4.7 required
+   - 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/focal-6.4

** Changed in: libreoffice (Ubuntu)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2152251

Title:
  CVE-2026-4430

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2152251/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to