Critical LibreOffice Vulnerability Allows DoS and Potential Code Execution

Severity: High (Score: 72.0)

Sources: Ubuntu, Linuxsecurity

Published: 2026-06-01 · Updated: 2026-06-02

Keywords: libreoffice, ubuntu, made, crash, programs, your, login

Severity indicators: flaw

Summary

A significant vulnerability in LibreOffice has been identified, allowing attackers to crash the application or execute arbitrary code by opening specially crafted OOXML documents. Discovered by Duc Anh Nguyen, this flaw arises from the incorrect handling of mismatched encryption salt parameters. Affected systems include Ubuntu 26.04 LTS and Ubuntu 25.10. The vulnerability could lead to a denial of service (DoS) or unauthorized code execution, posing a serious risk to users. Users are advised to update their systems to the latest package versions to mitigate this risk. The update includes additional bug fixes and is part of a new upstream release. Ubuntu Pro offers extended security coverage for affected packages.

Key Points:

  • LibreOffice vulnerability allows DoS and potential code execution via crafted files.
  • Affected systems include Ubuntu 26.04 LTS and Ubuntu 25.10.
  • Users should update to the latest package versions to mitigate the risk.

Detailed Analysis

**Impact** Users of LibreOffice on Ubuntu 26.04 LTS and 25.10, including individuals and organizations relying on these distributions, are affected. The vulnerability allows crafted OOXML files to cause application crashes (denial of service) or potentially execute arbitrary code with user-level privileges. This could disrupt business operations relying on LibreOffice for document processing and expose systems to unauthorized code execution. No specific sectors or geographic regions beyond Ubuntu users were detailed.

**Technical Details** The issue arises from improper handling of mismatched encryption salt parameters in crafted OOXML documents. Exploitation requires opening a maliciously crafted file in LibreOffice, enabling denial of service or possible arbitrary code execution at the user privilege level. No CVE identifier or malware/tool names were provided. The attack vector is document-based, affecting the execution and parsing stage of the kill chain. No infrastructure details or IOCs were reported.

**Recommended Response** Apply the updated LibreOffice packages immediately: version 4:26.2.3.2-0ubuntu0.26.04.1 for Ubuntu 26.04 LTS and 4:25.8.7-0ubuntu0.25.10.1 for Ubuntu 25.10. Perform standard system updates to incorporate the upstream release containing the fix. Monitor for crashes or unusual LibreOffice behavior and restrict opening untrusted OOXML documents until patched. No specific detection signatures or indicators were provided.
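A fleet check against the fixed versions listed under Recommended Response, as an added example that is not taken from the Ubuntu notice or the source articles. It reimplements Debian version ordering (epoch, upstream, revision, with `~` sorting low) so it runs without dpkg; the inventory rows are constructed, and `libreoffice-core` as the package whose version is collected (for instance with `dpkg-query -W -f='${Version}' libreoffice-core`) is an assumption, since the page does not name binary packages.

```python
import re

# Fixed package versions quoted under Recommended Response, keyed by VERSION_ID.
FIXED = {"26.04": "4:26.2.3.2-0ubuntu0.26.04.1",
         "25.10": "4:25.8.7-0ubuntu0.25.10.1"}

def _order(c):
    # dpkg weights: end of run ("") is 0, '~' sorts below it, letters below symbols.
    if c in ("", "~"):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit / digit runs, the way dpkg orders versions.
    while a or b:
        na, da, a = re.match(r"(\D*)(\d*)(.*)", a).groups()
        nb, db, b = re.match(r"(\D*)(\d*)(.*)", b).groups()
        diffs = [_order(na[i:i + 1]) - _order(nb[i:i + 1])
                 for i in range(max(len(na), len(nb)))]
        diffs.append(int(da or 0) - int(db or 0))
        if any(diffs):
            return next(d for d in diffs if d)
    return 0

def debcmp(v1, v2):
    def parts(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (e1, u1, r1), (e2, u2, r2) = parts(v1), parts(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_patched(release, installed):
    # None means the release is not listed on this page, so no verdict is given.
    fixed = FIXED.get(release)
    return None if fixed is None else debcmp(installed, fixed) >= 0

# Constructed rows (host, VERSION_ID, libreoffice-core version); package name assumed.
INVENTORY = [
    ("ws-01", "26.04", "4:26.2.2-0ubuntu1"),
    ("ws-02", "26.04", "4:26.2.3.2-0ubuntu0.26.04.1"),
    ("ws-03", "25.10", "4:25.8.7~rc1-0ubuntu1"),
    ("ws-04", "25.10", "4:25.8.7-0ubuntu0.25.10.2"),
    ("ws-05", "24.04", "4:24.2.7-0ubuntu0.24.04.4"),
]

def unpatched_hosts(inventory):
    return [h for h, rel, ver in inventory if is_patched(rel, ver) is False]
```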

Source articles (2)

  • USN-8352-1: LibreOffice vulnerability — Ubuntu · 2026-06-01
    LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parame…
  • Ubuntu 26.04 LibreOffice Significant DoS Flaw USN-8352 — Linuxsecurity · 2026-06-01
    A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 Summary: LibreOffice could be made to crash or run programs as your login if it opened a specia…

Timeline

  • 2026-06-01 — USN-8352-1 released: Ubuntu released a security notice addressing a critical LibreOffice vulnerability affecting multiple versions.
  • 2026-06-01 — Vulnerability discovered by Duc Anh Nguyen: The vulnerability was identified due to incorrect handling of encryption salt parameters in OOXML documents.

Related entities

  • DDoS (Attack Type)
  • Denial of Service (Attack Type)
  • T1203 - Exploitation for Client Execution (Mitre Attack)
  • LibreOffice (Platform)
  • Ubuntu (Company)