We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-3044

Graphic on-click binding allows unchecked script execution



Description

Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.

Reserved 2024-03-28 | Published 2024-05-14 | Updated 2024-11-12 | Assigner Document Fdn.

Problem types

CWE-356 Product UI does not Warn User of Unsafe Actions

Product status

Default status
unaffected

7.6 before 7.6.7
affected

24.2 before 24.2.3
affected

Credits

Thanks to Amel Bouziane-Leblond for for finding and reporting this issue. finder

References

www.libreoffice.org/...-us/security/advisories/CVE-2024-3044

lists.debian.org/debian-lts-announce/2024/05/msg00016.html

lists.fedoraproject.org/...3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/

cve.org (CVE-2024-3044)

nvd.nist.gov (CVE-2024-3044)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-3044

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.