PT-2024-5730 · Document Foundation+8 · Libreoffice+8

Opensource Security · Published 2024-08-05 · Updated 2025-12-10 · CVE-2024-6472

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LibreOffice versions 24.2 through 24.2.4

Description

The issue is in the certificate validation user interface in LibreOffice. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened, LibreOffice displays a warning before the macro is executed. Previously, if verification failed, the user could fail to understand the failure and choose to enable the macros anyway.

Recommendations

For LibreOffice versions 24.2 through 24.2.4, update to version 24.2.5 or later to resolve the issue. As a temporary workaround, consider disabling the execution of signed macros until a patch is available. Restrict access to documents with signed macros to minimize the risk of exploitation. Avoid enabling macros from untrusted sources.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

ALSA-2024:5583
ALSA-2024:5598
ALT-PU-2024-11573
ALT-PU-2024-14937
ALT-PU-2024-15239
BDU:2024-06443
CESA-2024_5598
CVE-2024-6472
DSA-5737-1
INFSA-2024_5583
INFSA-2024_5598
MGASA-2024-0320
RHSA-2024:5583
RHSA-2024:5584
RHSA-2024:5598
RHSA-2024:5599
RHSA-2024:5601
RHSA-2024:5607
RHSA-2024:5608
RHSA-2024:5886
RHSA-2024_5583
RHSA-2024_5598
USN-6962-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Libreoffice
Linuxmint
Red Hat
Rocky Linux
Ubuntu