Description
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
Affected products
- The Document Foundation / LibreOffice7.6 – 7.6.7
- The Document Foundation / LibreOffice24.2 – 24.2.3
References
- VENDOR_ADVISORYhttps://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2024/05/msg00016.html
- MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/