Unchecked Script Execution Vulnerability Affects LibreOffice Users
CVE-2024-3044

Currently unrated

Key Information:

Vendor

The Document Foundation

Status
Libreoffice
Vendor
CVE Published:
14 May 2024

What is CVE-2024-3044?

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

LibreOffice 7.6 < 7.6.7

LibreOffice 24.2 < 24.2.3

References

https://www.libreoffice.org/about-us/security/advisories/...
https://lists.debian.org/debian-lts-announce/2024/05/msg0...
https://lists.fedoraproject.org/archives/list/package-ann...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks to Amel Bouziane-Leblond for for finding and reporting this issue.
JSON
.