cbcvebase.
CVE-2024-6472
published 2024-08-05

CVE-2024-6472: Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer…

PriorityP337high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EPSS
0.24%
14.7th percentile
Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianlibreoffice< libreoffice 4:7.4.7-1+deb12u4 (bookworm)libreoffice 4:7.4.7-1+deb12u4 (bookworm)
libreofficelibreoffice>= 0 < 1:7.0.4-4+deb11u101:7.0.4-4+deb11u10
libreofficelibreoffice>= 0 < 4:7.4.7-1+deb12u44:7.4.7-1+deb12u4
libreofficelibreoffice>= 0 < 4:24.2.5-14:24.2.5-1
libreofficelibreoffice>= 0 < 4:24.2.5-14:24.2.5-1
libreofficelibreoffice>= 24.2.0.0 < 24.2.5.124.2.5.1
the_document_foundationlibreoffice>= 24.2 < 24.2.524.2.5

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.