CVE-2024-7788

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions LibreOffice versions prior to 24.2.5

Description The issue affects the Zip Repair Mode of LibreOffice, where an improper digital signature invalidation vulnerability allows for signature forgery. This means an attacker could create a specially crafted document that, after repair, would report a valid electronic signature status, potentially deceiving users about the document's authenticity.

Recommendations For versions prior to 24.2.5, update to version 24.2.5 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the Zip Repair Mode until a patch is applied. Restrict access to documents that have been repaired using the vulnerable mode to minimize the risk of exploitation.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

ALT-PU-2024-13526

ALT-PU-2024-14937

ALT-PU-2024-15239

BDU:2024-07260

CVE-2024-7788

DLA-3915-1

DSA-5772-1

USN-7025-1

Affected Products

Alt Linux

Astra Linux

Libreoffice

Linuxmint

Red Os

Ubuntu

CVE-2024-7788

Weakness Enumeration

Related Identifiers

Affected Products

References · 33