We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-7788

Signatures in "repair mode" should not be trusted



Description

Improper Digital Signature Invalidation  vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.

Reserved 2024-08-14 | Published 2024-09-17 | Updated 2024-10-12 | Assigner Document Fdn.


HIGH: 7.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-347 Improper Verification of Cryptographic Signature

Product status

Default status
unaffected

24.2 before < 24.2.5
affected

Credits

Thanks to Thanks to Yufan You for finding and reporting this issue finder

Thanks to Michael Stahl of allotropia for providing a fix remediation developer

References

www.libreoffice.org/...-us/security/advisories/CVE-2024-7788

cve.org (CVE-2024-7788)

nvd.nist.gov (CVE-2024-7788)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-7788

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.