CVE-2024-7788
published 2024-09-17
CVE-2024-7788: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in…
Priority P434 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EPSS
0.20%
9.5th percentile
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before < 24.2.5.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libreoffice | < libreoffice 4:7.4.7-1+deb12u5 (bookworm) | libreoffice 4:7.4.7-1+deb12u5 (bookworm) |
| libreoffice | libreoffice | >= 0 < 1:7.0.4-4+deb11u11 | 1:7.0.4-4+deb11u11 |
| libreoffice | libreoffice | >= 0 < 4:7.4.7-1+deb12u5 | 4:7.4.7-1+deb12u5 |
| libreoffice | libreoffice | >= 0 < 4:24.2.5-1 | 4:24.2.5-1 |
| libreoffice | libreoffice | >= 0 < 4:24.2.5-1 | 4:24.2.5-1 |
| libreoffice | libreoffice | >= 24.2.0 < 24.2.5 | 24.2.5 |
| the_document_foundation | libreoffice | >= 24.2 < 24.2.5 | 24.2.5 |
CVSS provenance
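| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |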
GHSA
GHSA-62pp-53wf-pprq: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability
ghsa_unreviewed·2024-09-17
CVE-2024-7788 [HIGH] CWE-347 GHSA-62pp-53wf-pprq: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability
OSV
CVE-2024-7788: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability
osv·2024-09-17·CVSS 7.8
CVE-2024-7788 [HIGH] CVE-2024-7788: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability
Ubuntu
LibreOffice vulnerability
vendor_ubuntu·2024-09-19
CVE-2024-7788 LibreOffice vulnerability
Title: LibreOffice vulnerability
Summary: LibreOffice could accept fraudulent digital signatures.
It was discovered that LibreOffice would incorrectly handle digital
signature verification after repairing a corrupted document. A remote
attacker could possibly use this issue to forge valid signatures.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libreoffice: improper digital signature invalidation vulnerability
vendor_redhat·2024-09-17·CVSS 7.8
CVE-2024-7788 [HIGH] CWE-347 libreoffice: improper digital signature invalidation vulnerability
A flaw was found in LibreOffice. Various file formats are based on the zip file format. In cases of corruption of the underlying zip's central directory, LibreOffice offers a "repair mode" which will attempt to recover the zip file structure by scanning for secondary local file headers in the zip to reconstruct the document. In the case of digitally signed zip files, an attacker could construct a document which, when repaired, reported a signature status not valid for the recovered file.
Statement: Th
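A defender-side check for the condition in the Red Hat description above, as an added example that is not part of the advisory or of LibreOffice's code: it compares a package's central directory with a raw scan for local file headers and flags signed packages where the two disagree. `META-INF/documentsignatures.xml` is the ODF package signature stream; the function names and the sample packages are constructed for illustration.

```python
import io
import struct
import zipfile

LFH_SIG = b"PK\x03\x04"                       # zip local file header magic
ODF_SIG = "META-INF/documentsignatures.xml"   # ODF package signature stream

def scan_local_headers(data):
    """Raw scan for local file headers, the way a repair pass rebuilds a listing."""
    found, pos = {}, data.find(LFH_SIG)
    while pos != -1:
        if pos + 30 <= len(data):             # fixed part of the header is 30 bytes
            (name_len,) = struct.unpack_from("<H", data, pos + 26)
            found[pos] = data[pos + 30:pos + 30 + name_len].decode("utf-8", "replace")
        pos = data.find(LFH_SIG, pos + 4)
    return found

def audit(data):
    """Compare the central directory with the raw scan; flag signed packages that differ."""
    scanned = scan_local_headers(data)
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            listed = {zi.header_offset for zi in zf.infolist()}
        cd_ok = True
    except zipfile.BadZipFile:                # central directory missing or corrupt
        listed, cd_ok = set(), False
    unlisted = sorted((off, name) for off, name in scanned.items() if off not in listed)
    signed = ODF_SIG in scanned.values()
    return {"central_directory_ok": cd_ok, "unlisted": unlisted, "signed": signed,
            "distrust_signature": signed and (not cd_ok or bool(unlisted))}

def _sample(names):
    """Constructed in-memory package with stored entries (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "constructed sample data")
    return buf.getvalue()

# Constructed inputs: intact, extra unlisted local header, central directory cut off.
GOOD = _sample(["content.xml", ODF_SIG])
_EXTRA = _sample(["content.xml"])
ORPHAN = _EXTRA[:_EXTRA.index(b"PK\x01\x02")] + GOOD
TRUNCATED = GOOD[:GOOD.index(b"PK\x01\x02")]

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("orphan", ORPHAN), ("truncated", TRUNCATED)):
        print(label, audit(blob))
```

A stored (uncompressed) nested zip also produces unlisted hits in the raw scan, so treat `distrust_signature` as a triage flag for manual review rather than a verdict.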
Debian
CVE-2024-7788: libreoffice - Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The...
vendor_debian·2024·CVSS 7.8
CVE-2024-7788 [HIGH] CVE-2024-7788: libreoffice - Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The...
Scope: local
bookworm: resolved (fixed in 4:7.4.7-1+deb12u5)
bullseye: resolved (fixed in 1:7.0.4-4+deb11u11)
forky: resolved (fixed in 4:24.2.5-1)
sid: resolved (fixed in 4:24.2.5-1)
trixie: resolved (fixed in 4:24.2.5-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-09-17
Published