CVE-2024-7788 — Improper Verification of Cryptographic Signature in Document Foundation Libreoffice

CWE-347 — Improper Verification of Cryptographic Signature7 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 80.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

THE Document Foundation Libreoffice Libreoffice

Timeline

PublishedSep 17

Latest updateSep 19

Description

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5the_document_foundation/libreoffice24.2 — < 24.2.5

▶NVDlibreoffice/libreoffice24.2.0 — 24.2.5

▶Debianlibreoffice/libreoffice< 1:7.0.4-4+deb11u11+3

🔴Vulnerability Details

GHSA

GHSA-62pp-53wf-pprq: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability↗2024-09-17

▶

OSV

CVE-2024-7788: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability↗2024-09-17

▶

CVEList

Signatures in "repair mode" should not be trusted↗2024-09-17

▶

📋Vendor Advisories

Ubuntu

LibreOffice vulnerability↗2024-09-19

▶

Red Hat

libreoffice: improper digital signature invalidation vulnerability↗2024-09-17

▶

Debian

CVE-2024-7788: libreoffice - Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The...↗2024

▶