CVE-2024-7788

Published: Sep 17, 2024Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5.

Affected (1)

Products: Libreoffice: Libreoffice

Libreoffice

1 product

Libreoffice

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Libreoffice Libreoffice	From 24.2.0 to 24.2.5

Related CWEs

CWE-347

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (2)

https://www.libreoffice.org/about-us/security/advisories/CVE-2024-7788

Source: security@documentfoundation.org

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2024/10/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.