CVE-2024-6472
Published 2024-08-05
Priority: P3 · 37 · high · 7.8 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS: 0.24% (14.7th percentile)
Certificate Validation user interface in LibreOffice allows potential vulnerability.
Signed macros are scripts that have been digitally signed by the
developer using a cryptographic signature. When a document with a signed
macro is opened a warning is displayed by LibreOffice before the macro
is executed.
Previously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.
This issue affects LibreOffice: from 24.2 before 24.2.5.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libreoffice | < libreoffice 4:7.4.7-1+deb12u4 (bookworm) | libreoffice 4:7.4.7-1+deb12u4 (bookworm) |
| libreoffice | libreoffice | >= 0 < 1:7.0.4-4+deb11u10 | 1:7.0.4-4+deb11u10 |
| libreoffice | libreoffice | >= 0 < 4:7.4.7-1+deb12u4 | 4:7.4.7-1+deb12u4 |
| libreoffice | libreoffice | >= 0 < 4:24.2.5-1 | 4:24.2.5-1 |
| libreoffice | libreoffice | >= 0 < 4:24.2.5-1 | 4:24.2.5-1 |
| libreoffice | libreoffice | >= 24.2.0.0 < 24.2.5.1 | 24.2.5.1 |
| the_document_foundation | libreoffice | >= 24.2 < 24.2.5 | 24.2.5 |
CVSS provenance
nvd · v3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 7.8 HIGH
vendor_debian · 7.8 HIGH
vendor_redhat · 7.8 HIGH
GHSA
GHSA-w6mm-86qp-2r3q: Certificate Validation user interface in LibreOffice allows potential vulnerability
ghsa_unreviewed·2024-08-05
CVE-2024-6472 [HIGH] CWE-295 GHSA-w6mm-86qp-2r3q: Certificate Validation user interface in LibreOffice allows potential vulnerability
OSV
CVE-2024-6472: Certificate Validation user interface in LibreOffice allows potential vulnerability
osv·2024-08-05·CVSS 7.8
CVE-2024-6472 [HIGH] CVE-2024-6472: Certificate Validation user interface in LibreOffice allows potential vulnerability
Ubuntu
LibreOffice vulnerability
vendor_ubuntu·2024-08-15
CVE-2024-6472 LibreOffice vulnerability
Title: LibreOffice vulnerability
Summary: LibreOffice could be made to run programs if it opened a specially crafted
file.
It was discovered that LibreOffice incorrectly allowed users to enable
macros when a cryptographic signature failed to validate. If a user were
tricked into opening a specially crafted document, a remote attacker could
possibly execute arbitrary macros.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libreoffice: Ability to trust not validated macro signatures removed in high security mode
vendor_redhat·2024-08-05·CVSS 7.8
CVE-2024-6472 [HIGH] CWE-295 libreoffice: Ability to trust not validated macro signatures removed in high security mode
A vulnerability was found in versions of LibreOffice from 24.2 to before 24.2.5. When a document containing a signed macro fails verification, LibreOffice will display a warning which the user can choose to ignore the failu
Debian
CVE-2024-6472: libreoffice - Certificate Validation user interface in LibreOffice allows potential vulnerabil...
vendor_debian·2024·CVSS 7.8
CVE-2024-6472 [HIGH] CVE-2024-6472: libreoffice - Certificate Validation user interface in LibreOffice allows potential vulnerabil...
Scope: local
bookworm: resolved (fixed in 4:7.4.7-1+deb12u4)
bullseye: resolved (fixed in 1:7.0.4-4+deb11u10)
forky: resolved (fixed in 4:24.2.5-1)
sid: resolved (fixed in 4:24.2.5-1)
trixie: resolved (fixed in 4:24.2.5-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-08-05
Published