Assigner | Document Fdn. |
Reserved | 2024-03-28 |
Published | 2024-05-14 |
Updated | 2024-06-04 |
Description
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
Problem types
CWE-20 Improper Input Validation
Product status
7.6 before 7.6.7
24.2 before 24.2.3
Credits
Thanks to Amel Bouziane-Leblond for for finding and reporting this issue.
References
https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044