CVE-2024-3044
MEDIUM EPSS 58.7%
Published May 14, 2024 · Modified Jun 17, 2026
6.5 CVSS 3.1
Description
Unchecked script execution in the Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document that, when a graphic is clicked, executes scripts built into LibreOffice without prompting. Such scripts were previously deemed trusted but are now deemed untrusted.
CVSS Details
Base Score
Exploitability
Impact
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: Low
Threat Intelligence
EPSS Exploit Probability
58.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-356
CWE-94 Improper Control of Generation of Code ('Code Injection')
Affected Products 4
| Vendor | Product | Version | Range |
|---|---|---|---|
| libreoffice | libreoffice | * | <7.6.7.1 |
| libreoffice | libreoffice | * | ≥24.2.0.0 – <24.2.3.1 |
| fedoraproject | fedora | 39 | any |
| debian | debian_linux | 10.0 | any |
References 3
- lists.debian.org https://lists.debian.org/debian-lts-announce/2024/05/msg00016.html
- lists.fedoraproject.org https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TU3TYDXICKPYHMCNL7ARYYBXACEAYJ4/
- libreoffice.org https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.